tv Politics and Public Policy Today CSPAN November 17, 2016 8:00pm-12:01am EST
in 1979, c-span was created as a public service by america's cable television companies and is brought to you today by your cable or satellite provider. tonight on c-span3, a house hearing on the security of internet-connected devices. then nuclear physicists testify at a senate hearing on the future of nuclear power. and later from the palestine center's annual conference, a discussion about the arab-israeli conflict. on wednesday, tech industry insiders testified about the security of internet-connected consumer devices. they discussed the devices' vulnerabilities and those that are trying to exploit them. this is a joint hearing of two house energy and commerce subcommittees. it begins with an opening statement from oregon congressman greg walden.
good morning, everyone. i'll start with opening statements for our side and for our subcommittee and then i think we go back and forth. so we'll work this out. i want to thank the two subcommittees for coming together on this very important topic that i think we all share a deep concern about. we live in a world that's increasingly connected. our smartphones are now capable of locking and unlocking our front doors at home. turning on lights, checking the camera for packages left on the doorstep. we're able to measure our steps, check our baby monitors, record our favorite programs from wherever we have connectivity. we'll soon be able to communicate or -- we can communicate with our offices, too, but commute to our offices in driverless cars, trains, buses, have our child's blood sugar checked remotely and devoting energy resources from town to town efficiently. these are incredible potentially life-saving benefits that our society is learning to embrace. but we are also learning these innovations do not come without
a cost. in fact, recently we encountered a denial of service attack on a scale never before seen. this attack effectively blocked access to popular sites like netflix and twitter by using cameras and dvrs. once these devices came under the command and control of bad actors, they were used to send dns requests that rendered the dns servers ineffective. at the beginning of this attack it was impossible to distinguish malicious traffic from other normal traffic, making it particularly difficult to mitigate against the attack. so how do we make ourselves more secure without sacrificing the benefits of innovation and technological advances? the knee-jerk reaction may be to regulate the internet of things. while i'm not taking a certain level of regulation off the table, the question is whether we need a more holistic approach. the united states cannot regulate the world. standards applied to american
design, american manufactured, american sold devices won't necessarily capture the millions of devices purchased by the billions of people around the world, so vulnerabilities might remain. any sustainable and effective solution will require input from all members of the ecosystem of the so-called internet of things. we'll need a concerted effort to improve not only device security but coordinate network security and improve the relationships between industry and security researchers. we're all in this thing together. and industry, government, researchers and consumers will need to take responsibility for securing this internet of things. so today we'll hear from a very distinguished panel of witnesses on some of the approaches that can be brought to bear on this challenge. my hope is this hearing will help to sustain and accelerate conversations on our collective security and foster the innovation that makes the internet the greatest engine of commerce our world has ever seen. i thank our witnesses for being here. we appreciate your willingness
to share your expertise. and i look forward to your testimony. at this time, i would yield to mrs. blackburn for an opening statement. >> thank you, mr. chairman, and i also want to welcome our witnesses. and we appreciate your time. we did an internet of things hearing in march 2015. at that point, i talked a lot about the convenience that this brings to us in our daily lives. and about the opportunities that it will open for us. i think now as we look at it, as the chairman said, you look at the cost. you look at the maximized use that exists. i think that by 2020, the expectation is 3.4 billion devices that would be in this universe of connected. that means we have vulnerabilities that exist. entry points. and we'll want to discuss some
of those vulnerabilities with you today. get your insight. and see how we as policymakers work with this wonderfully exciting innovative area in order to make certain that americans have access but they also know that there is, as the chairman said, security as we approach this. and with that, mr. chairman, i yield back. >> gentle lady yields back the balance of her time. we'll now -- i'll yield back the balance of my time as well. now turn to my friend from california, the gentle lady, miss eshoo for opening comments. >> first of all, i want to express our collective thanks from this side of the aisle to you for responding to our request to have this hearing. mr. pallone, mr. mcnerney, we all made the request and were
grateful to you for holding the hearing because we think this is, obviously, a very large issue and something that concerns the american people. in fact, americans are connecting more devices to the internet than ever before. most of us carry at least one in our pocket, but as technology evolves, we're seeing a proliferation of everyday items and appliances that connect online. this is good. today everything from washing machines to light bulbs are now capable of connecting to the internet. the business world also relies more and more on the internet. in fact, on internet-enabled objects to drive their efficiencies and thereby to produce lower costs. there are as many as 6.4 billion -- billion with a "b," -- internet of things devices in use worldwide this year.
the growth in this market is expected to be significant, including estimates of over $20 billion internet-enabled products connected worldwide by 2020. so this is not a small market. it makes it a very large issue. it is an economic one, and we don't want to damage that, but it's something that needs our attention. there's great potential for innovation as more devices become connected. but there's also the potential for serious risk if they're not properly secured. that's really what we're pursuing here. we need to look no further than the major attack on october 21st that crippled some of the most popular websites and services in our country. the distributed denial of service attack against dynamic network services, known as dyn, was made possible by internet of things devices that they were able to infect
with malware. this army of devices was then harnessed by the attackers to bring down dyn's servers. similar attacks in october targeted a journalist and a french cloud services provider. these attacks raised troubling questions about the security of internet-enabled devices and their potential to be used as weapons by cyberattackers. for example, it's been reported that some devices used in these attacks may have lacked the functionality to allow users to change the default user name and password. we already know that an important way to prevent cyberattacks is to practice good cyberhygiene which includes changing default user names and passwords. when products lacking the common sense functionality are manufactured, shipped and eventually connected, they put users and the internet as a whole at risk. so it seems to me that this is an area that we need to explore
with our witnesses. there's also an issue of how long these unsecured devices can remain in use. the dyn attack reportedly used infected devices that were first manufactured as early as 2004. manufacturers may no longer update products that have been in use for so long, further exposing users and the internet to security risks. finally, we have to recognize that this is a global issue. level three communications estimates that a little more than a quarter of these devices infected with the malware that was used in the dyn attacks are located in the united states. one of the major manufacturers of products that appear to be particularly vulnerable is based in china. this is important to keep in mind as we explore how to address this problem going forward. so this hearing, i think, is a very important step in helping
us first of all to all understand what lessons we should take away from these recent attacks. the internet of things offers exciting possibilities for innovation, but we can't afford to ignore the risks that come when devices are designed without security. whatever the ultimate solution is, i think industry must play a central role in the effort to address these issues, and i look forward to hearing from our witnesses today. you play a very important role in this. with that, thank you again, mr. chairman, for allowing this hearing to take place, and i yield back the balance of my time. >> chair now recognizes the gentleman from texas, dr. burgess. >> thank you, mr. chairman, and good morning to our witness panel today. thank you mr. chairman, for holding the hearing and allowing us to have this discussion about the recent cyberattacks. several popular websites were
knocked offline for several hours on october 21st of this year. hackers used malware to create a botnet, a gargantuan, amorphous mass of connected devices to flood a domain server with terabytes of traffic, overwhelming the system and preventing legitimate traffic from accessing those devices. in this case, the result was brief, but the outages were on consumer facing websites. the incident is unique in that it wasn't someone's desktop or laptop but it was the armies of compromised devices that launched these attacks without the knowledge of the device owners. many of the devices are regular household items such as baby monitors, dvrs, webcams and many consumers do not realize they need strong cyberprotections on even these everyday devices. but that's exactly why this attack and others like it have been so successful. the malware that created this
botnet spread to vulnerable devices by continuously scanning the internet for internet of things systems protected only by the factory default manually generated user names and passwords. the balance between functionality and security is not going to be resolved in the near term. consumers want the newest and fastest device. they want it as soon as possible, and they have not employed adequate security protections. in fact, the most common password is the word password. the culture surrounding personal cybersecurity must change to ensure that the internet of things is not vulnerable to a single insecure device. the subcommittee on commerce, manufacturing and trade has explored cybersecurity through a number of hearings, including our disruptor series. cybersecurity, the issue of cybersecurity has been raised and discussed at each of these hearings. the government is never going to be big enough to have the manpower and resources to address all of these challenges
as they come up, which is why it is so important and i'm grateful we have industry here today to discuss this with us because they must take the lead. recent attacks present a unique opportunity to examine the scope of the threats and the vulnerabilities presented by connected devices and learn how stakeholders are considering these risks throughout the supply chain and how consumers are responding in the market. we've learned about a number of best practices and standard-setting projects that are ongoing with various groups. it's an exciting time in the growth of interconnected devices, the growth of the internet of things. it's really going to be life changing for so many -- in so many industries. but we also need to see meaningful leadership from industry about how to address these real challenges. again, i want to welcome our witnesses, and i'm pleased to yield the balance of my time to the gentleman from ohio, mr. latta. >> thank you very much. i appreciate the gentleman for
yielding. and i also appreciate the -- both chairmen of both subcommittees for holding this very important subcommittee hearing today on the cybersecurity risks associated with connected devices. the last month we witnessed one of the largest distributed denial of service attacks. the attack against dyn revealed the impact that a lack of adequate security measures in these devices can have on the broader internet community. by simply exploiting weak security features such as default user names and passwords, hackers could leverage hundreds of thousands of network devices and compromise several major websites. that is why it's essential that internet of things device manufacturers adopt security by design and have the ability to apply patches or upgrades. consumers must be vigilant in safeguarding data to fully experience the benefit of the internet of things.
as the co-chair of the committee on the internet of things working group i'm familiar with this issue. cybersecurity is among one of the most common things that's mentioned in all of our working group briefings. no matter the -- no matter what type, from health to energy applications, securing devices, protecting consumer data is a top priority. today we are reminded that there's a need for iot security guidelines that keep pace with rapidly evolving technologies. however, there is a delicate balance between oversight and regulatory flexibility, and we must encourage the industry to establish best practices that will not hinder innovation and protect consumer privacy and security. and with that, i appreciate the gentleman for yielding, and i yield back. >> we'll now turn to the gentle lady from illinois, miss schakowsky for opening comments. >> with each report of a new cyberattack, americans increasingly realize how
vulnerable their devices are. on october 21st, americans lost access to sites such as twitter, amazon and spotify because of a massive distributed denial of service or ddos attack against dyn, a domain naming system company. in the wake of that cyberattack, i joined with representatives pallone, eshoo, degette and mcnerney in requesting a hearing like this. i appreciate that we're having it on this important issue. we need to better understand our vulnerabilities and update federal policy to stop such attacks in the future. the motivations of hackers vary from identity theft to actually undermining public trust. they go after consumers, businesses and even presidential elections. the u.s. intelligence community found that hackers supported by the russian government put their thumb on the scale in 2016. i strongly believe that use of cyberattacks by a foreign actor
to manipulate our democracy should be troubling to everyone. this problem does not go away now that the 2016 election is over. the day after the election, a wired article reported, quote, that russia perceives those operations as successful. experts say. will only encourage similar hacks aimed at shifting elections and sowing distrust of the political processes in the western democracies. everyone, whether your candidate won or lost last week, must grapple with this, and i hope that we'll work on bipartisan basis to protect our democracy from foreign interference. russian hackers exploited holes in security on computers and servers. the hackers that carried out the october 21st ddos attack directed their attack through the internet of things. the internet of things is usually -- is uniquely vulnerable to cyberattacks.
iot devices often have less protection from malware and manufacturers are often slower to install security patches. manufacturers put consumers at further risk by using default passwords or hard-coded credentials. once hackers find out what those passwords are, they can hack hundreds, thousands or even millions of devices. that's what happened in the dyn attack. hackers accessed an army of iot devices by exploiting default passwords. they then used that army to attack dyn. traffic from the iot devices overwhelmed the service and shut it down, which, in turn, cut off americans' access to many popular websites. you don't have to be a tech expert to see the terrifying potential for future cyberattacks. so it's time now for action. two weeks ago, ranking member pallone and i called on the federal trade commission to work with iot manufacturers to patch
vulnerabilities on their devices and require the changing of default passwords. we also called on the ftc to alert consumers about potential security risks. we need stronger cybersecurity standards for all devices that could be attacked or used to launch a cyberattack. we cannot count on iot manufacturers to do the right thing on their own. they have little financial incentive to improve security, and their customers may not even realize when their devices are being used to harm others. consumer watchdogs like the ftc must take a leading role in promoting cybersecurity and holding companies accountable when they fail to provide adequate protections. unfortunately, at the same time that the threats to consumers from cyberattacks are rising, the republican majority is pushing legislation to reduce the ftc's authority and cripple its enforcement capabilities. stopping irresponsible behavior
by companies requires strong consent orders and the ability to pursue privacy cases. the so-called, quote, process reform, unquote bill that republicans reported out of committee would threaten the ftc's ability in those areas. instead of rolling back consumer protections, we need to face today's cyberthreats head-on. consumers can't afford to be left vulnerable and manufacturers can't survive a pattern of high-profile cyberattacks that undermine consumer trust in their products. in mr. schneier's written testimony, he called the dyn attack, quote, as much a failure of market policy as it was of technology, unquote. we should not be content with failure any longer. i want to thank the chairman for listening to our request for a hearing and we have to continue our work on this issue in the months and years to come. >> the gentle lady yields back
her time. we thank you very much for your request. we share in this concern, obviously. it's a bipartisan issue. we look forward now to the testimony from our expert witnesses. we're glad you're all here. we'll start with mr. dale drew, the senior vice president, chief security officer for level 3 communications. mr. drew, welcome. turn on your microphone and have at it. >> chairman walden and burgess and ranking members eshoo and schakowsky, thank you for the opportunity to testify on behalf of level 3 communications regarding the recent cyberattacks on our nation's communications landscape and risks posed by vulnerabilities found in iot devices. level 3 is a global communications company serving customers in more than 500 markets in over 60 countries. given our significant network footprint and amount of traffic we handle on a daily basis, level 3 has a unique perspective on threats facing our landscape. they established the threat research labs to actively
monitor communications hoping to detect and mitigate threats. every day our security team monitors more than 48 billion security events, detecting over 1 billion unusual or suspicious pieces of traffic. the proliferation of iot devices represents tremendous opportunities and benefits for consumers by connecting cameras, light bulbs, appliances and other everyday items to the internet. the lack of adequate security measures in these devices also poses significant risk. vulnerabilities stem from several sources. some devices utilize default and easily identifiable passwords that hackers can spotlight. others use credentials users are not able to use. many lack the capability of updating their firmware, forcing customers to monitor and update themselves. the global nature of the marketplace means many products are manufactured in and shipped to foreign countries that have yet to embrace sound and mature
cybersecurity practices. iot devices are also particularly attractive targets because users often have very little way to know when they've been compromised. unlike a personal computer or phone which the user is more likely to notice when they perform improperly, compromised iot devices may go unnoticed for longer periods of time. in september 2016, level 3's threat research labs began tracking a family of malware targeting iot devices. they were leveraging the infected devices to create ddos botnets impacting not just those devices but potentially anyone on the internet. the malware has affected nearly 2 million devices on the internet. it resulted in multiple major websites going offline and the new attacks are alarming for their scope, impact and ease with which the attackers have employed them. also worrisome is these attackers relied on just a fraction of the total available compromised iot nodes in order to
attack their victims, demonstrating significantly greater capacity for these new threats. level 3 detected approximately 150,000 iot devices to generate more than 5 gigabytes a second. a significant amount of bandwidth. the primary motivation for these attacks appeared to be financial. hackers utilized ddos to overwhelm businesses, threaten to take their business offline unless they pay a ransom to the attacker. in other cases, they are out to create mischief. although level 3 has not been a direct victim of these attacks, we're proactively taking steps to address these. we have contacted manufacturers of compromised devices to inform them of the problem and for them to take appropriate action such as firmware updates. we've engaged in a public awareness campaign to educate about the risk of botnets and steps they can take to protect themselves. we're also working with our industry partners to monitor
this evolving threat and implementation and mitigation techniques. with the exploding proliferation of iot devices so, too will the threats they pose continue to expand and evolve. it will be imperative to work collaboratively to address and mitigate iot security risks so that we can reap the benefits of this transformative technology. thank you again very much for the opportunity to testify, and i look forward to taking your questions. >> mr. drew, thank you for taking time out of your schedule to be here. we greatly appreciate it. now turn to mr. bruce schneier, a fellow at the berkman klein center at harvard. lecturer, harvard school of government. thank you for being here. >> thank you chairman walden, burgess and ranking members. committee members, thank you for having me, and thank you for having this very important hearing.
i'm bruce schneier. i am not speaking for harvard or ibm and not sure they know i'm here. >> it's a secret. nobody on the internet knows either. >> as the chairman pointed out, there are now computers in everything. but i want to give us another way of thinking about this. this is not a phone. this is a computer that makes phone calls. or the refrigerator is a computer that keeps things cold. an atm is a computer with money inside. your car is not a mechanical device with computers, but a computer with four wheels and an engine. and this is the internet of things. and this is what caused the ddos attack we're talking about. i come from the world of computer security, and that is now everything security. so i want to give you four truths from my world that now apply to everything. first, attack is easier than defense. for a whole bunch of reasons,
the one that matters here is that complexity is the worst enemy of security. complex systems are hard to secure for an hour's worth of reasons. and this is especially true for computers and the internet. the internet is the most complex machine mankind has ever built by a lot, and it's hard to secure. attackers have the advantage. two, there are new vulnerabilities in the interconnections. the more we connect things to each other, the more vulnerabilities in one thing affect other things. we're talking about vulnerabilities in digital video recorders and webcams that allowed hackers to take down websites. there are stories of vulnerabilities in a particular account that -- i saw one story, a vulnerability in an amazon account allowed hackers to get to an apple account which allowed them to get to a gmail account and a twitter account. target corporation. that was a vulnerability in their hvac contractor that
allowed them to get into target. and these are hard to fix because no one system might be at fault. two secure things may come together and create insecurity. truism three, the internet empowers attackers. attacks scale. the internet is a massive tool for making things more efficient. that's also true for attacking. the internet allows attacks to scale to a degree impossible otherwise. we're talking about millions of devices harnessed to attack dyn, and that code, which somebody smart wrote has been made public. now anybody can use it. it's in a couple of dozen botnets right now. any of you can rent time on one, on the dark web to attack somebody else. i don't recommend it. but it can be done. and this is more dangerous as our systems get more critical. the dyn attack was more benign.
a couple of websites went down. the internet of things affects the world in a direct and physical manner. cars, appliances, airplanes, there's real risk to life and property. real catastrophic risks. fourth truism, the economics don't trickle down. our computers are secure for a bunch of reasons. the engineers at google, apple, microsoft, spend a lot of time with this but it doesn't happen for the cheaper devices. ms. eshoo talked about this. these devices are lower profit margin that are offshore. there's no teams and a lot of them cannot be patched. those dvrs, they can be vulnerable until someone throws them away. and that takes awhile. we get security. i get a new one of these every 18 months. your dvr lasts five years, your car 10, going to replace my thermostat approximately never. so the market really can't fix this.
the buyer and seller don't care. mr. burgess pointed this out. the buyer and seller want a device that works. it's not part of the decision. i argue that government has to get involved. that this is a market failure, and what i need are some good regulations. and there's a list of them, and dr. fu is going to talk about some of them but it's not something the market can fix. and to speak to mr. walden's point. yes, a u.s.-only regulatory system will affect the products in the world. because this is software. the companies will make one software and sell it everywhere. just like, you know, automobile emissions control laws in california affect the rest of the country. makes no sense for anybody to come up with two versions. and i think this is going to be important because this, for the first time, the internet affects the world in a direct and
physical manner. and the second point i'll make very quickly is we need to resist the fbi's calls to weaken these devices in their attempt to solve crimes. we have to prioritize security over surveillance. it was okay when it was fun and games but now already the stuff on this device that monitors my medical condition, controls my thermostat, talks to my car. i've just crossed four regulatory agencies and it's not even 11:00. this is going to be something that we're going to need to do something new about. and like many new technologies in the 20th century, new agencies were created. trains, cars, airplanes, radio, nuclear power. my guess is this is going to be one of them. and that's because this is different. this is all coming whether we like it or not. the technology is coming. it's coming faster than we think. i think government involvement is coming. i'd like to get ahead of it.
i'd like to start thinking about what this would look like, and we're now at the point, i think, where we need to start making moral and ethical and political decisions about how these things work. when it didn't matter, when it was facebook, twitter, e-mail, it was okay to let programmers -- to give them a special right to code the world as they saw fit. we were able to do that. but now that it's the world of dangerous things, that it's cars and planes and medical devices and everything else, that maybe we can't do that anymore. and i don't like this. i like the world where the internet can do whatever it wants, whenever it wants at all times. it's fun. this is a fun device. but i'm not sure we can do that anymore. so thank you very much, and i look forward to questions. >> thank you very much. appreciate your comments.
now to dr. kevin fu, ceo of virta labs. >> good morning, chairman walden, burgess, ranking members eshoo and schakowsky and distinguished members of the committee. my name is kevin fu. i represent the academic cybersecurity research community. i am, as you -- at the university of michigan where i conduct research on embedded security. my laboratory discovers how to protect computers built into everyday objects from mobile phones and smart thermostats to pacemakers and automotive air bags. i'm also ceo and co-founder of the health care security start-up virta labs. as related to the recent attacks on dyn, i'll provide a perspective on the evolving cybersecurity risks framed in the broader societal context.
in short, iot security remains woefully inadequate. none of these attacks are new. none of these attacks are fundamentally new, but the sophistication, the scale of disruption and the impact on infrastructure is unprecedented. let me make some observations. we are in the story of deteriorating state because there's almost no cost to a manufacturer for deploying products with poor cybersecurity to consumers. has a consensus body or federal agency issued a meaningful iot security standard? not yet. is there a national testing lab to verify and assess the premarket security of iot devices? no. is there tangible cost to any company that puts an insecure iot device into the market? i don't think so. so i'd like to highlight eight observations about this iot insecurity. number one, security needs to be built in to iot devices, not bolted on.
if cybersecurity is not part of the early design of an iot device, it's too late for effective risk control. two, good security and bad security look the same at the surface. three, the health care community does not issue different advice for flu transmitted by cough versus flu transmitted by sneeze. similarly, both connected and disconnected iot devices carry significant cybersecurity risks so it's important to consider both conditions. four, the millions of insecure iot devices are just a small fraction of what the iot market will resemble in 2020, and it will get much worse if these security problems remain unchecked. five, unlike inconvenient security problems for your tablets or notebook computers, iot's insecurity puts human safety at risk. innovative systems will not remain safe if they are not secure. six, i consider security a
solution, not a problem. better cybersecurity will enable new markets, promote innovation and give consumers the confidence to use new technologies that improve the quality of life. seven, maybe surprise, but over 209,000 unfilled cybersecurity jobs in the usa, and that's just this country. and eight, the nation lacks in independent testing facility at the scale of a federally funded research and development center as a proving ground for testing premarket iot cybersecurity crash worthiness and testing embedded cybersecurity defenses. let me conclude with five recommendations to protect our national infrastructure. number one, incense vise built-in hygiene by establishing milestones, encouraging use of strong criptography. support agencies such as the national science foundation, national institute for standards
technology to advance our understanding of iot security and to train the hundreds of thousands of students necessary for a robust cybersecurity workforce. three, study the feasibility of standing up an independent national embedded cybersecurity testing facility modeled after, for instance, post-incident initiatives such as the national transportation safety board. incident prevention initiatives such as the national highway traffic safety administration, nhtsa, and the survivability and destruction testing at the nevada national security site. number four, i recommend leveraging the existing cybersecurity expertise within agencies such as nist, dhs and darpa and, five, i believe that universities, industry and the government must find the strength and resolve for protecting our national infrastructure through partnerships and that investments in embedded
cybersecurity will pay great dividends to our society and our economy. i would like to close. just thank you for the invitation to testify on what i think is a very important subject for our country. the committee can also find photos of illustrative iot problems in water treatment facilities, hospitals and more in the appendix of my written testimony, and i'd be happy to take your questions. thank you. >> mr. fu, thank you. and thank you to all of our witnesses. this has been very enlightening. we appreciate your testimony and recommendations for our consideration. i guess i'll start with a couple of questions. as we try and wrestle this issue. over the last six years, we've done multiple hearings on cybersecurity threats to the united states. we've had multiple panels come before us and testify, and i think almost entirely, they said first do no harm. be careful when you lock things in to statute because you can misallocate our resources and our opponents will know what we have to go do and we can't get out of it, and they'll just go
do a workaround. so how do we establish a framework that would both be appropriate here but have an effect internationally because we don't make all the devices and we may have market power but we're not the biggest market anymore. how do we create a national framework where the stakeholders are driving this in realtime and we don't do something stupid like lock certain requirements into statute? mr. drew, can i start with you and we'll just work down the panel. >> i think -- i think the best place to start here is with standards. i think the best place to start is for us to define how we intend on solving this problem on the devices themselves. industry has a number of standards but not on how they're supposed to be manufactured to be secure premarket. so i believe if we were to start with standards and apply pressure -- so i'm as an
industry, i am under pressure to implement standards in order to be able to serve businesses and serve consumers. if we start with that standard, we're able to apply that pressure and to the extent that pressure can be applied globally, i think that we can get some traction and some momentum before we have to start regulating. >> all right. mr. schneier? >> i'm also a fan of standards. and your question is a really important one. how do you do it properly as to -- >> it's a balance. >> and i think the answer is to make them technologically invariant. i continue to look at the pollution model as something, what works and what doesn't. what works is here is the result we want. figure out how to do it in the most cost effective way possible rather than legislate, here's the process, the technology. it has to be technologically invariant. you had a driverless car hearing yesterday. and it's somewhat similar. we've got to make standards on the driverless car manufacturers
or we're going to assume an environment where there exists, you know, malicious cars out to get you. so we'll have to deal with the rogue devices. we can't assume that everything on the internet or everything on the roads is going to be benign and secure. but standards will rise -- raise the tide. but, yes, we have to do them properly. you do them wrong and it will stifle innovation. do them right it will help innovation. >> dr. fu? >> yes, i think there are ways you can do this without stifling innovation. i believe that a well designed cybersecurity framework will promote innovation. i'll try to avoid the technical side but i'll just say, of course, encoding mechanism would be unwise. if you decide to encode that all forms must be signed in blue ink, that doesn't assume the existence of e-signatures in the future. so you should be very careful of including mechanism. however, principles you can encode. i would say that nist has done a
relatively good job encoding principles. there is no perfect standard. but it will be very difficult to build in security if we don't have these principles set in place. and it needs to have buy-in from industry. it needs to have government leadership as well. but it's all about setting those principles which many are known in the cybersecurity. >> most helpful. the extent to which you can think about this some more and give us your ideas on how to actually get it to the right place, because this is my concern that if we're not careful, we lock something and it's so hard to change statute. and we don't want this to be an innovation killer in america. we actually want to lead on this and get it right. i don't think i want my refrigerator talking to some food police somewhere. it just is what it is. so we need to get this thing right. so thank you for being here.
at this point, i will return the balance of my time and turn to my friend and colleague who has been very involved in this, ms. eshoo from california. >> thank you, mr. chairman. and thank you, to each one of you, the witnesses. i think you were absolutely terrific. i have legislation that i introduced that speaks to this issue. it hasn't really gained much traction. but what you said today i think put some wheels on it because it is about security without damaging innovation. we do -- we talk a lot about the attacks that take place, but we don't really focus on prevention. throughout the valley, silicon valley, no matter who i've met with, i've asked them the same question. what would you do about this?
and to a person, they've spoken about hygiene, the lack of hygiene in systems, number one. and number two, the lack of good, solid security management. i don't think -- let me put it in the positive. i think we need a good housekeeping seal of approval on this. and i think that, and my bill called for nist to set the standards, not the congress, because we really don't know anything about that. and we missed the mark, we'll miss it by a wide mile. exactly. so, i also think in listening to you, especially mr. schneier, this is an issue that should be included in national infrastructure legislation because this is
part of our national infrastructure. and it deserves the kind of protection that you spoke to because, as you said, everything is a computer. it's not just the computers over at the dod. we're carrying them around in our pockets, driving them, et cetera, et cetera. so given that, what is the framework for it? how would both mr. schneier and dr. fu and mr. drew, what would it look like? what would it look like? we place -- i'm giving you a blank slate. what would you write on that slate to be placed in the national infrastructure bill? >> so -- >> whoever wants to start. mr. schneier? >> i think we actually need a new agency.
the problem we're going to have is that, you can't have different rules if the computer has wheels or propellers or makes phone calls or is in your body. that's just not going to work. these are all computers. we're going to have to figure out rules that are central. >> we have a continuing new-new majority, so i don't think they want to create an agency, but this -- >> for every one we create, we delete two. >> they don't like that stuff. >> so i think -- new agencies, new regulations, we're dead in the water. but we can't leave this issue to be dead in the water. our country deserves much better. and so i'm really not joking. i mean, it's a little bit of fun, but -- >> i understand, but i actually think it's not going to go that way. i think government is getting involved here regardless. risk is too great and the stakes
are too high. nothing motivates a government into action like security and fear. 2001, we had another small government, no regulation administration produce a new federal agency, 44 days after the terrorist attacks. something similar happens in the internet of things, and there's no cybersecurity expert that will say, well, sure, that could happen. i think you'll have similar response. so i see the choice is not between government involvement and no government involvement. it's between smart government involvement and stupid government involvement. i'd rather think about it now, even if you say you don't want this because when something happens, and the public says something must be done. what do you mean 1,000 people just died? that we have something more than, i don't know, let's figure it out fast. so i agree with you. i'm not a regulatory fan.
but these are the world of dangerous things. we regulate dangerous things. >> dr. fu, can you do something in five seconds? >> i would just say we're going to have some serious trouble if we don't answer these questions. i fear for the day where every hospital system is down, for instance, because an iot attack brings down the entire health care system. i think you need to spend more time on the premarket. i know from my working with manufacturers that the engineers there are brilliant and often are not given the time of day from their executives and resources to do their jobs. what you need to do is give those people who can do a good job at those companies, the ability to do so and then incentivize their -- >> i would point out we're all engaged in this, both sides. my friend and i have back and forth from time to time and she likes to characterize what we're for or against but we're all
committed to try to find a solution and this is bipartisan. we appreciate your testimony. we scheduled this hearing back in october right after the attack and as soon as we were back in town we're having it. we'll continue to march forward. with that i'd turn to the gentleman from texas, mr. burgess. >> it's a fascinating discussion back and forth. before i knew about the internet of things i was invited to microsoft in washington and they showed me the house they had, in fact the house is named grace and grace knew you were coming and set the thermostat for the temperature you wanted. as you came into the kitchen, grace might suggest a meal for you. like mr. walden, i worried that grace's refrigerator would communicate with the bathroom
scale and lockdown the blue bell ice cream on me -- it's an interesting world in which we've arrived. mr. drew, really fascinated by your comment in the written testimony about the incentive for someone to do this in the first place. we've all heard since 9/11 sometimes you've got to think like a criminal or terrorist in order to outsmart them. you referenced the monetization, i don't even see -- i get on ransomware you have to come up with bitcoins to some dark website. how do you monetize your doorbell conversing with twitter. >> we're seeing in these botnets, they are operating hundreds and thousands of nodes and renting all small portions to attack websites and hold
websites for ransom. if you don't pay me $20,000, your website will be offline for the next three days. very successful enterprises, 45 attacks a day -- >> that is happening right now. >> right now. >> and i know you're not in law enforcement. what was the response of our law enforcement agencies that are supposed to be enforcing the laws? >> they are working very diligently to identify the operators of the botnet as well as the renters of the botnet to -- as well as making some arrests in those cases to be able to curtail this. but my -- what we've seen is the iot of things has changed the nature of the game of this to where it's much easier to break into devices and they go unnoticed for longer periods of time. >> this is one of the things that bothers me about this until we had this headline grabbing attack because it was just so massive, you don't hear about someone being busted for holding
someone hostage for $17,000 so you unlock their hospital records or whatever was going on. one of the things that is -- public aware, practice good hygiene, can't have your password as password or 1234. there needs to be a societal understanding of reporting the crimes when they occur and to some degree these need to be publicized. heard that there's a risk that a hospital that gets stuck with one of these things, simply embarrassed and they don't want to go public with the fact they were hacked and pay the $17,000 given instructions how to get the bitcoins and where to deliver them. that is easier than going to law enforcement and dealing with all of the things that would happen with law enforcement.
that's absolutely critical. then never in any of the discussion of this that i've seen so far has there been really the discussion of what happens to people who are caught who perpetrate this. it should be swift and severe and public. i suggested another hearing shot at sunrise and i'm not trying to be overly dramatic but if you lockdown an icu's medical wards and patient dies as a consequence, that is a capital crime. so anyway, i know we're not going to solve all of the problems today but i want to put those concepts out there. this is relatively new for most of us. one of the things i like about what the subcommittee did on data security was on data breach notification was don't prescribe the technology because the
technology changes much faster than congress. i'm nervous too about creating new federal agencies. the concept that we could delete two federal agencies for every one we create, i've got two to recommend to the league quickly but i know standards need to be there. we've got a massive job as far as informing the public and that's part of this hearing today and i hope we carry that forward quite seriously. i'll yield back. >> so let me ask, you talked about how markets failed us and government has to play a role but i'm wondering from you and anyone given that computers are ubiquitous and your example that
got into the target through the hvac system is -- is there a role for consumer action or is this beyond us now for individuals to actually play a role in not -- in security? >> i think there's a role for some but we're asking consumers to shore up lousy products, it shouldn't be that there are default passwords and have to worry about what links you click on. these devices are low profit margin and made offshore. the teams that have to make them disband and buyer and seller don't care. this is -- i might own this dvr, you might own it. you don't know if it was used. you don't know if it's secure or not. you can't test it and don't
care. you bought it because of the features and price and this is an externality, the fact it was used by this third party -- not him but third party to attack this other site and it -- it's not something they can solve because the market is not involved in that. it's putting a sticker on, this device cost $20 more and 30% less likely to annoy people you don't know. i'm not sure i'm getting a lot of sales. >> 2015 the federal trade commission suggested best practices to address security vulnerabilities, for example, device manufacturer should test security measures before releasing products, minimizing the data they collect and retain. and frankly, it seems surprising that manufacturers are not
already taking these steps but you're saying that right now there are no real incentives. so is that what we need to focus on -- >> i think we get it right the technologists will figure it out. these are solvable problems and incentives aren't there to build the security there. we incentivize price and features, that's what we buy and that's what we can see. i don't think i can get consumers to pry open the hood and look at the details it's beyond consumers i know and shouldn't be their problem. shouldn't be something they have to worry about. >> let me ask mr. drew and dr. fu if you want to comment on that. >> from a business perspective, there's a lot of incentive that
it follows specific standards before i put them in the network. i'd like to see more in that area than there is today, i do provide that incentive to those manufacturers, consumers don't have that. they have the incentive of public events. and in the internet has been adaptable and flexible to that. when there is a large sort of trip over security, they become more aware and push those demands back to the manufacturers by purchasing products they feel more comfortable with. i'm going back to standards and certifications and standards, you see that seal of approval on the device and that's a device that will be more protected because you don't want the refrigerator talking to the scale or doorbell. >> let me interrupt you, my time is running out, i would like dr. fu to join in.
>> i would paint a darker picture. even if consumer wants to have -- not many consumers are where they need security but when they even want security it's hard to get. let me take the example of the hospitals asking questions about why ransomware gets into hospitals, it's not because they are not clueful about it. they can't get the manufacturers to provide them with iot medical devices that can withstand the threats of malware. we think it should be built in and public good. how much are you going to pay for it? everything will be driven by economic factors and i think the problem is that the consumer group thinks that it ought to be a public good and from the manufacturing standpoint, how much are you going to pay for it? that's a question that needs to be resolved. >> thank you, i yield back. >> the gentlelady yields back and the chair recognizes the
gentlelady from tennessee for five minutes. >> i want to go back. i mentioned the cisco stats and they rolled out of my mouth the wrong way. we're currently at 3.4 iot devices per person. by 2020 we'll be at 50 billion iot devices and that is the magnitude of this vulnerability that we have because we're seeing it across our entire economy as we move from a physical application to the virtual space and professor fu, i want to come to you, let's stay with the medical device component because of the area i represent, nashville area, there's a lot of health care
schematics and health that is done utilizing iot devices in the medical field. as you look at the security, of course that's -- you look at information share and vulnerabilities and you mentioned in your testimony going back on pages 5 and 6, iot devices tend to have safety consequences or involve physical manipulation of the world that could easily lead to harm and then you go on to say a number of hospitals expressed concern about the iot devices. so talk to me about mitigation strategies and what you see with these devices and then what special considerations must be given to health care technology and to the medical devices and how should we go about addressing that. >> thanks for the question.
unfortunately i don't think i'll be able to give a satisfying answer. if you were to be a fly on the wall in the board room when the hospitals are discussing the topic of how the iot security affect their assurance of the clinical operations being continuous, at the moment they don't have a plan. it's more we need to get a plan. it's usually some of the security officers saying we don't know what we have in the hospital and don't have a good inventory. we have a lot of contraband coming in, shadow it, and the shadow it that comes in, it's a clinician, who accidentally connects to an important network but maybe it's a music player that is simply providing comfort to the patients during surgery and they don't realize it's introducing new safety and security risks because they don't have the security baked into these devices. so the iot risk is more about
having unvetted assets coming into a very safety critical arena. they don't have a good answer because it's not built in. >> then let me go to mr. drew and the article in the "new york times," that i'm sure you all saw and are aware of, secret back door and u.s. phone sent data to china. >> yes. >> mr. schneier, i assume you read that. this is the kind of thing consumers are unaware. if you take a device like that and then you have the concerns if it does get into an environment such as a hospital or a medical facility with patient information things of that nature, so these malicious
actors are out there and with the vulnerabilities of these i.o.t. devices you have these concerns that are going to manifest themselves. how do we make sure that the consumers and users are alerted to the vulnerabilities in the software and in these devices when they purchase them so if they get something like this, they know to get rid of it. mr. drew? >> i would say that the biggest benefit of i.o.t. devices, the reason they can get compromised so quickly, they all look the same. a device manufacturer, all of the devices look the same, not configuring the operating system at all. they get compromised very quickly, very wide scale. having the devices ability to auto patch. when a new exposure comes out that device can call home and
get a new software update and update, that is the thing that keeps that infrastructure healthy. >> yield back. the chair now recognizes the gentleman from new jersey, ranking member for five minutes. >> thank you, mr. chairman, i wanted to ask mr. schneier a couple of questions, looking at the attack on dyn three weeks ago, i'm concerned some people may dismiss it as only a few websites going down for a few hours. in your view, what does the attack on dyn expose about cyber security generally and why are these attacks moving from benign to dangerous? >> it's really what i talked about the world moving -- the internet becoming something that affects physical world and computers are the same. we're talking about these computers in our phones and in our computers, it's the same
computers that are in these cheaper and smaller devices. while the software and engineering is the same, there's a fundamental difference between your spreadsheet crashes and you lose your data and car crashes and you lose your life. the computer is the same, software is the same. effects are night and day different. as these computers -- i live in minnesota, have a thermostat i can control from my phone and if someone hacks it, they can -- not this weekend but in the middle they can burst my pipes when i'm here. that's real property damage and that's different than a few websites going down, which i agree, dyn was benign and annoyed people for a while, didn't hurt anybody. we're talking about hospitals and seen ddos attacks against 911 services and critical infrastructure and power grid,
telecommunications network. these are systems that are being controlled by computers and hackers break into a dam a couple of years ago, didn't do anything but next time might get lucky. we had russia attack ukraine's power grid. these are now tools of war and of national aggression. even the attacks against our election system, which in the scheme of things pretty benign, might not be next time. had a piece in "the new york times" that talked about you need to think about this now. election machines are computers you vote on. let me get to that and leads me to the next question. the insecurity of devices connected to the internet stems from market failure and you compare the problem to a visible pollution. i'd like to better understand what you mean. can you expand on the market failure at play. how are these insecure devices like environmental pollution? >> because the insecure effects
are often not borne by the buyer and seller. the person who bought that dvr and still using it next five or ten years will not bear any of the costs of the insecurity. the manufacturer and the buyer too reap the benefit. it was easier to make because it was insecure. there is a societal cost it can be used to attack others and use in conjunction to cause other insecurities. like pollution, it's something in the environment that neither the buyer nor seller when they enter the market agreement to purchase the product will fix. i think the solutions are along those lines. we have to think about what is the risk to us as a group. what is the national security risk to this? there is one but it's not going
to be borne by the person who bought that. it will be borne by all of us, it's incumbent upon all of us to secure against this risk. that's i think the solutions are very similar and in conception. >> let me issue one last question, you seem to believe regulation of some kind might be part of the solution but i've heard some of the scc argue that regulation or devices connected to the internet will constrain innovation. would you agree with that? >> yes, it will. i don't like that. but you cannot build a plane and fly it. you can't, it could fall on somebody's house. you might not care -- might be a drone, but we societally care. true for medical devices and dangerous things. and it might be that the internet era of fun and games is over because the internet is now dangerous. we haven't talked about actual
robots. but a robot is a computer with arms and legs that can do stuff. and i personally don't like killer robots, i think they are a mistake and we should regulate them. so yes, this is going to constrain innovation, it's not going to be good, i'm not going to like it but this is what we do when innovation can cause catastrophic risk and catastrophic risk here, crashing all of the cars and shutting down all of the power plants. the internet makes this possible because of the way it scales and these are real risks. >> thank you, mr. chairman. the gentleman yields back and chair recognizes the gentleman from new jersey for five minutes. >> thank you, good morning to the distinguished panel and i
certainly agree with congresswoman eshoo this is an extremely important topic. from your observations and recommendations, eight of them you have given to us. i would like to concentrate on three of them. you state that security needs to be built into the internet of things devices not bolted on. and could you expand on that as to how you think that might occur that the security occurs before the device has been manufactured. >> thank you. so, we often when we talk about security problems and media and news, you think this was a poorly implemented product, where in fact it was a poorly designed product and there's a subtle difference. if you don't get security built into the early design of iot devices, it doesn't matter how smart the engineers are, they will never succeed at creating a
secure device. that's why you need to build it in. if you have this residual risk that you then hand off to the consumer there are some sweet spots where you try to mitigate after the fact but it's extremely rare and extremely hard -- >> how do we do that? how do we build it in initially? >> there's actually quite a bit of -- this is going to get deep into engineering. in one sentence it's about hazard analysis, all about understanding and enumerating those risks and have the manufacturer choose which risks to accept and which to mitigate and which to pass onto the consumer. >> can that be done through the consumer market or would it require governmental control? we have mandated of course, air bags in automobiles, seat belts in automobiles to be built into the automobile initially and not
to be added to the automobile. is it your recommendation this will require some sort of governmental mandate or not? >> i do believe in the long term this will likely require some type of governmental mandate because in my experience working with the industry, even though they mean well, even the people who can do it don't have the authority to do the right thing because they don't have the economic drivers -- often have different constituencies within each company. let me cite an example from the medical world. we didn't think about the safety of over the counter drugs until 1982 with the cyanide poisonings in chicago. until that day, consumers had quite a bit of faith. we haven't seen that moment for iot but know that is there and it can cause harm. >> thank you, moving on number four of your observations, for devices already deployed we should take some comfort that millions of insecure devices are a small fraction of what the
market will resemble in 2020. i suppose you mean by that that this is just at the beginning and there are many more by 2020? >> that is correct. i would say -- on a positive side, it means if we take an action now, we could actually win this ecosystem. even though there are terrible problems today we can fix it. we shouldn't give up hope. >> can you give us a rough estimate? if we have x number of devices now. how many will we have in 2020? >> i've heard the number double in the last 62 minutes from 20 billion to 50 billion, somewhere between 20 to 50 billion is a reasonable estimate. >> i see. then number 7 of your observations, tens of thousands of unfilled cyber security jobs existing approaches are insufficient to train a large
number in the workforce what it needs in the air. based upon experience at m.i.t. and ann arbor what do great universities need to do and what do we need to do at the level of community colleges. >> they play a very important role as we develop the different kinds of skill sets. there are 209 unfilled positions as of a year ago, over a million globally. the problem is i think universities need to shift and adapt to the changing marketplace. right now we're overrun with students. we cannot teach the number of students who want to take our security courses and we're still not meeting the needs. in michigan, for instance, we have the automotive companies talking about 30 unfilled positions and wondering why no one applies. >> thank you, my time has expired. i hope to continue the
discussion with all of the distinguished panel and particularly with you dr. fu, thank you very much. >> the chair recognizes the gentleman from california for five minutes. >> i thank the chair and panel. this is why i love this subcommittee and this committee, great stuff happening. i'm going to start with mr. drew. in your testimony, you noted that about 2 million of these iot devices have been affected by this botnet and only 150,000 were used in the attack. that means there's 1.58 million left. are they still capable of carrying out new attacks or have they been neutralized? >> we have taken the internet as a whole has taken steps to try to neuter portions but it's still a 1.5, 1.6 million strong node botnet. >> and they can attack not just dyn servers but real physical devices, is that right? >> correct.
the one fear about botnet like this they are capable of doing a shaped attack, meaning that the operators of that botnet are able to generate any protocol or application they want from those machines to be able to direct attacks of very specific nature to their targets. >> we have a sword hanging over us right now? >> i think the saving grace so far is that no one has been able to afford to rent all 4.7 million nodes, 80 to 150,000 at a time. our biggest fear is another adversary begins to adopt attacks that follow a similar nature. >> mr. fu, in your testimony you recommended we should incentivize built-in security. what type of incentives do you believe would be effective to prevent the risks that you've
outlined? >> i think it all comes down to accountability, whether it be economic accountability or liability. right now there just isn't any kind of tangible cost to a manufacturer to deploy something with poor security and no benefit if they deploy something with good security. >> thank you, i want you to answer with yes or no, a wide range of products, would it be feasible to create one set of standards for all iot devices? >> yes. >> no. >> no. >> in the alternative, the federal government could establish minimum security standards for iot devices and direct the relevant agencies to provide additional sector specific requirements. would that be feasible, yes or no, please? >> i'm sorry, i missed the
question. >> well since there's a wide range of products, might it be feasible to ask different agencies to apply specific standards to those devices, would that be feasible? >> absolutely, it would allow you to apply specific requirements and regulations to the area in which those devices operate. >> no because devices do multiple things. i think it depends. mr. fu, so many questions, so little time. you said that there's no cost for devices with poor security, that's pretty clear but iot security is a solution. it should be a solution, not a problem. could you expand on that a little bit? >> right, so my fear is that consumers will not embrace
technologies that improve the quality of life in the future because they don't trust it will be safe. it won't take too many more horror stories before people go back to analog ways. so i've used security as a solution enabling innovation. in the short term i would agree with the other witnesses you may see a short term problem because you'd be interrupting the life cycle but in the long term we'll see it producing new innovation just like with the car safety regulation many decades ago. >> very good. now, you also said devices should have strong crypto security. isn't that asking a lot for them to incorporate strong -- >> stop leading me, bruce. crypto, you can implement crypto on these devices but there are medical devices where it is more
challenging. cryptography draws more electrical power and can reduce the battery. it does cause this risk question but in the general case, i think it's almost always the right answer to employ cryptography. >> i yield back. the gentleman's time has expired and the chair recognizes the gentleman from kentucky for five minutes. >> appreciate you being here. thank you, mr. chairman. this has been informative. when i get memorandums getting ready for a meeting and it uses bots, my eyes glaze over but this is important and it's interesting and i've appreciated you moving forward. one thing mr. lance asked one of the questions i was going to ask and let dr. fu finish a thought. when we write the legislation or law that we're going to have to adjust this if and when we do that we can't be too prescriptive
because of the sign in blue ink example you used. i certainly understand that and think a lot of things we've done in legislating for the agencies and they say everything will go in good faith but we have to be careful to make sure as we've seen in a lot of other areas when an agency gets leeway they go farther than congress wants them to go. they are asked to be more specific as we move forward. we have to find the right balance in that. you were talking about -- i'm interested in the auto industry and computer science technology and jobs available. you were talking about the auto industry and 30 full-time equivalents and time ran out and you didn't finish. do you remember that thought? >> sure, michigan is now a state with quite a bit of manufacturing and they are trying desperately to hire experts. they tend to quit fairly often to go get other jobs. you've got to understand at the
career fair you'll see a line for the silicon valley googles and facebooks of the world. for the other industries, it's very difficult to compete for the talent, not only because of the insufficient number of qualified skilled workers trained in appropriate security, but because the competition is so great. >> hence the one of the major company industrial -- general electric adds about -- when the young woman going to work for general electric says i'm going to work for high tech, you're going to work for general electric. maybe that's why they are pursuing -- >> they are trying to get people to work for them. >> absolutely, because they are. >> as a matter of fact, they make refrigerators outside of my district in louisville and they are very high tech. i can't operate the refrigerator -- >> mine tweets so -- >> that's what they do there. >> in your testimony you start
with the basic premise that cyber security threats are constantly evolving. one of the issues is the identification of vulnerabilities. can you tell us how vulnerabilities are shared nowadays and if you have any recommendations moving forward on information sharing? >> sure, so there are many different ways to share vulnerabilities in the consumer world, for instance, there's US-CERT, a coordinating agency, which works in concert with idaho national labs and other places to collect information from security researchers and provide it to manufacturers, others are bug bounties, rewards, directly between the researchers and companies and a third way that's becoming a little more disturbingly popular is to drop it in the public before there's a chance to deploy any mitigating control or evaluate whether or not it's
true. >> you talked earlier about how the hackers will look at the least secure device and get in through that way. what is the general level of security included in consumer grade, have the recent attacks prompted any conversations that you're aware of about the security included in the devices with manufacturers? >> i've seen no good news about any security in any iot device. even on my home, anybody can break in and take complete control. this was a device i picked up in one of those big box stores. i have no good news on the security built in to iot devices today. >> mr. chairman, that concludes my questions, i yield back. >> recognize the gentleman from new mexico for five minutes. >> thank you for holding this hearing. as we know this is an important discussion since the proliferation of cyber attacks represents a serious
challenge to both our digital and physical space. we saw the proliferation of cyber attacks this year all across the country including with foreign actors as well called out by our national security teams. pertaining to the development of internet of things that provide robust and important infrastructure for america, there's going to be more dynamic networks that will result from that. dr. fu, you talked about shadow devices, currently los alamos is looking to monitor and protect against malicious attacks. it addresses the issue of dynamics with devices joining and leaving and ever changing networks to detect and respond to malicious behavior. can you talk about the importance of us moving in that
direction as well and developing this, maybe looking to national assets like our national laboratories and what we can learn there for transfer opportunities, whether in a secure space or open space to help with these endeavors? >> well, i think what i can do. there's -- nist has a document to talk about how to do the security well. one is you have to know your asset is at risk. it sounds like that's what you're referring to. the second is to deploy compensating controls that match the specific risks and the third one we often forget as consumers, continue to monitor effectiveness and it gets to the threat landscape, it might be effective, might not work at all. here's why i'm skeptical of agencies that claim they know all of the networks, i know as a fact that most hospitals refuse to look at the security of their most sensitive networks because they are afraid of tipping over
things like linear accelerators and very sensitive machines. they have actually rebooted from very simple security products. so if you're in a facility with nuclear material, i would be skeptical of a claim where they've thoroughly embedded the systems to see how well they survive unless they tip something over. >> is there a benefit with working with national assets? >> i think there can be a benefit for safety critical issues for places like lancasterilanol, there is expertise in embedded security. many of the national labs, however, this is a very interdisciplinary problem. i've seen this come out already in my vulnerability reports to different agencies and they tell me i don't have an in-house expert on that health care situation. let me try to help you and usually have a difficult time
finding a partner. >> mr. schneier, as more and more of our finance infrastructure is brought online, the things connected to networks will need to be secure from inception to delivery. are you able to speak specifically to what we can do with securing the technology foundations and supply chains through internet of things, through semiconductor chips and secure iot device operating systems and protocols or secure device access management? >> so this is actually part of the big problem, security has to go all the way down. someone there who left talked about that phone that surreptitiously will send copies of your text messages to china. it was cheaper but you're not going to go. that could be the software, we're worried about switching
equipment that comes from china because we're worried about the hardware. these are very complicated questions. any place in the stack we can cause an insecurity that affects the others. this is i think an extremely worrisome issue when we deal with global manufacturing. this is a device made in china and many are made in countries that might not be as friendly to us at all times as we'd like and while we have tech that will detect these things, it is an arms race and right now there's an edge on the attacker. it is easier to hide a vulnerability in something like this than it is to detect it. now, we also use that. the nsa uses that to spy on our enemies, there's good here too
but i think by and large it's dangerous for us. >> mr. chairman, maybe submit a question to maybe expand the foundries pertaining to hardware and have an expanded conversation in that space. >> be happy to. >> the gentleman's time has expired and the chair recognizes the gentleman from texas for five minutes. >> i thank the chair and welcome mr. drew and mr. schneier and dr. fu, last night i lost a little sleep preparing for this hearing, all because we focused on september 21st of this year when a botnet launched a strike on krebs on security, over 600 gigabits per second swarmed them and then a month
later, october 21st, the same bad actor went after dyn. after nine years in the navy, as a naval aviator, eight years working for two texas senators and four terms in the house, i know the biggest threat to our security and our prosperity is not bombs and missiles, it's cyber attacks and cyber security. ones and zeros. what bothered me most about this year, the attacks on the security was exactly what coach mchue told me when i was 9 years old on the football field. here are the defenders, two there, swarm them, we'll score a touchdown, that's exactly what they did. nothing hard, nothing new, yet they had success of having 600
gigabits per second swarm security. in this environment we can't be reactive. we have to be proactive. our government has to be proactive. i said the word government and said proactive, look around the room here. people shook their head and smiled and they know those words don't go together but somehow we have to come together to address this problem. dr. fu, i love your term about we have built in -- not bolted on. i know mr. lance has -- i want to further elaborate, you ran for congress and you won, you're a member of this committee. how would you ask what do you think we should do to help out our american economy and make sure we control attacks and be proactive instead of reactive. what's our role here in d.c.?
>> all right, thank you. let me first correct the built it in not bolt it on is a phrase my community has been using for many years, including mr. schneier who is behind that quite a bit. to get out in front of this problem and be proactive, we haven't done what i would consider -- if i were talking with students, you have to do the prelab before you do the real work and the prelab is going out and getting firsthand information from some of these constituents. i'm doing that and that's where i'm getting my firsthand information from the executives themselves and engineers. i'm just picking up horror story after horror story. i can't relay that to you in this manner, i think that needs to happen and there needs to be congressional visits to these sites and they need to go to universities and see where struggles are happening and what are the barriers.
>> i believe after you see the problems i'm seeing you'll start thinking about we need to have incentive systems built in economically. i don't know what they are going to resemble. could they be financial penalties? maybe. is it more about corporate liability? perhaps. i know we need more doing congressional visits to the sites to understand where they are going. >> congressman drew, your concerns about that, how would you write the laws to help your organization overcome this incredible challenge we have with cyber attacks? >> i agree entirely with having right incentives to make sure -- on the business buying technology or whether i'm a consumer buying technology we have the right incentives
whether economic or liability or regulation. i completely agree with that mindset. and i do think that there's a significant number of existing frameworks with regards to each of those ideals around health, safety and convenience and use with regards to these threats and as well as with regards to these technologies. >> very quickly. your comments about how would you approach this from a federal government role? >> i think you have a serious problem here and we have it in a lot of areas. we're now at the point where the speed of technology exceeds the speed of law. used to be laws could lead technology and now it's reversed. we need to figure out a regulatory structure that's technologically invariant and we can't focus on technology and rely on them but focus on people and incentives because that's what's invariant. technology will change. the d-dos attacks are
kindergarten stuff, not sophisticated and highly effective. the sophisticated stuff is worse. >> the gentleman yields back and the chair recognizes the gentleman from ohio. >> thank you, mr. chairman and gentlemen for joining us today, having spent nearly 3 years in technology, i only get to the technical aspects of some of the things we're talking about this morning, particularly traditional d-dos attacks versus device connected attacks. mr. drew, as i understand it, these d-dos attacks have been around almost as long as the internet itself has. they've certainly gotten worse over the past few years but at least for traditional d-dos attacks we know how to defend
against them using techniques like black listing or white listing and inspection among other techniques. can you tell us a bit more about those defensive techniques and why they've been successful in defending against traditional d-dos attacks. >> i'd say about every three years or so we encounter an evolution of capability with regard to dos attacks. every three years or so we have somewhat of a backbone impairment event on the global internet resulting from adversaries developing new capability based on new weaknesses or technology and directing that to the backbone. so i'd say the community at large has been fairly proactive as well as reactive in investigating what the bad guys are doing and shaping and making
sure our capability to respond is built into the platform or in some cases bolted on the platform by redirecting traffic and scrubbing it. i'd say what scares us about iot attacks is the enormous potential scale. the typical botnet involved over the past handful of years up to a decade has been in the tens of thousands. we now have a potential of devices in the millions. and network capability for filtering and scrubbing is not scaled at that sort of a factor. it's something we're taking with great notice and great pause to make sure we can invest in our capability and technology to prepare for that. >> is it safe to say the majority of these defensive techniques have worked because they target the way that traditional d-dos attacks use spoofing and amplification? >> i'd say that with regards to
what the traffic looks like itself, meaning how that traffic is executed upon the victim, there's been slight evolutions in the way that traffic looks but for the most part the definition that it has an upper and lower control is fairly well understood. the technology is geared to operate within that sort of control parameter. it's really the big issue is the scale in which the devices are coming at that victim and being able to launch those sorts of attacks. >> so to get kind of to the heart of the matter of why we're here today, from what we've been told, this botnet doesn't use spoofing or amplification. >> it uses a shaped attack.
>> and instead the botnet is built out of these individual connected devices and you say now there are potentially millions of them out there, that are so numerous that spoofing and amplification aren't even necessary. >> now with devices like this, you don't need that. >> we need to dig into this a little more then. we were talking about defensive techniques before, most of those defensive techniques seemed to rely on d-dos attacks that use spoofing and if a d-dos attack doesn't use that and you began to allude to it a little bit, how do techniques like ip address or
packet inspection work and how effective are they? >> i would say more effective on non-spoofed traffic. the overall capability to inspect and mitigate is more capable when the traffic is not spoofed. again, i'm going to go back to the scale issue. a lot of that technology is built for the hundreds of thousands of inspections at the same time as opposed to millions of inspections at the same time. >> my time is expired but i guess it's safe to say we have a lot of work to do and stay on this because we have to develop new techniques to handle this new threat, correct? >> absolutely. >> mr. chairman, i yield back. >> we recognize mr. long for five minutes for questions, please. >> thank you, mr. chairman. mr. drew, i understand that newer brand-new devices are generally safer and less
vulnerable to cyber attacks. but how much blame would you put on low end manufacturers cutting corners on security with the type of attack that happened in october? >> with respect to the attempt in september, a lot were low end manufacturers from other countries. we spoke to a vast majority of those vendors and they had not contemplated the idea and some were mortified and others had no interest in deploying because they had every belief that consumers would continue to purchase their product. >> okay. this is directed to all of us, start with dr. drew since he's teed up here. what are some ways hardware and software manufacturers can band
together to prevent an attack like the recent one? >> so -- >> we won't start with dr. drew. >> that's fine, i was just -- >> okay, were you referring to me? >> he's dr. drew, i'm mr. fu. >> together we're interdisciplinary and i would say the key point here is the hardware and software, there's a good -- function follows form. if you look at the educational system, you'll see people trained on hardware and people trained on software don't actually have the closest cultures in terms of education. i think it's going to be important to educate people in a way that brings hardware and software together because otherwise you won't have the workforce skilled and trained to solve these problems. that's something i'm trying to do personally, when i train students, both hardware and software because you just can't
abstract it away. >> i'm sorry, i've got -- i can't see this angle. i need new glasses or a different angle i guess. >> i think it's a challenge because it operates in silos, the companies that made dvrs got a chip with software on it and didn't inspect it. and they sold the devices to another company that sold it to the consumer and you have this chain which is very opaque and you could hand off to each other. banding together will be very difficult. and the way we can then do that is if i have liabilities that go up the chain or regulations that will affect each other, i'm giving the companies reason to not just say yep, it works, i'm going to sell it cheaply. this is -- it's hard. i don't have a good crisp answer.
>> hopefully mr. drew does. >> that's why we put him last. >> i agree with regards to cheap iot. the focus primarily is on the specific set of applications they are looking to develop. they get hardware from another manufacturer and get the baseline operating system from someone else and develop the application and don't know how it interconnects together as a global ecosystem. i would say on more emerging iot that is a bit more integrated and capable of being interconnected to other iot devices, we are seeing a lot more disciplined knowledge with regard to marrying hardware and software disciplines together. as well as being able to achieve higher security standards as they interact with each other from device ecosystems.
a long way to go but a lot of growth in that particular area. >> let me ask you something else, could the recent cyber attacks have been avoided if the targeted sites registered with more than one company that provided the same services? >> presumably yes but we did see that a number of the domains that were targeted, they fell back to another authoritative server and he launched an attack. in this case the bad guy was following specific victims and reacting to them as they mitigated and moved. >> i heard you say that earlier in the opening i think. dr. fu, how is that? is that okay? to what extent did the default passwords play a role in the
recent cyber attacks we've been discussing today. >> default passwords played a key role because it was the entry point to take over this army of unwitting agents. default to another industry, other iot products, all passwords are a big problem, the fact that we're relying on passwords at all is a big problem. >> thank you, my time expired and i yield back. >> thanks gentleman. the chair recognizes the gentleman from florida.
>> internet of things, devices, including potential attacks on other systems. it appears that one of the reoccurring problems identified in your testimony is use of insecure operating systems, which are easier, in fact, to target for distributed denial of service attacks. have you seen industry react to these issues and move forward to more stable operating systems and are there impediments to making such a switch. >> i have seen industry move but like most communities, there's a wide distribution. there's the leader, maybe not the leader. i still see windows xp which is a decade old operating system. there's one photograph of a water treatment facility in my testimony controlling water pumps for the city. it's susceptible to a decade of already released malware.
it doesn't take anyone more to cause a problem. it hasn't happened because no one has wanted it to happen. it's all about the economics. certainly on the high end devices like linear accelerators, you're talking multimillion dollar machines, they're more likely to get the new operating system because it comes with the new system, however, most hospitals have capital equipment costs and they don't want to have to buy a new mri every ten years, it should last 20 or 30, this is why you'll still see windows 95 machines, the years are important. in hospitals because when they go to manufacturers saying, hey, we want to have a system that they can keep secure, oh, sure, why don't you buy a whole new machine. there was this unwritten assumption that the software will be maintained. it may not have been written
into the agreement. the health care community felt that it should have been kept secure and kept maintained, but from the manufacturing standpoint, it was -- we provided you this device. >> thank you. >> reports used were situated overseas. while some seek to regulate devices in our own country, how do we protect ourselves from devices that are outside the u.s. if someone wants to chime in, it's okay too. >> let me just comment briefly, i'll let my fellow witnesses opine. >> i think the important thing about computer security is not to be able to put yourselves in a secure environment, but you need to be able to tolerate an insecure environment, we'll never be able to make networks, you know, blissful places full of rainbows. they're always going to be hostile. we need to make sure that
whatever we put on there it will be able to tolerate malicious traffic. they cut out the core where we're at least prepared and that is high availability. >> some more major markets can cause a new environment, companies are not going to make two devices and make one device and sell it. so we can make a difference with like-minded countries, we can in so many other industries. we can't assume, ever, that it's going to be a combination of making the devices that we can touch more secure which means they're more minority and building infrastructure control to secure against this malicious minority. it will always be that.
thank you. >> we have fundamental that we can try to route packets on the backbone -- so the more that businesses and backbones can collaborate together on data en route traffic based on reputation, i think the better prepared we'll be. >> potential impacts on hospitals and their patients, we already know that hospitals are targets in other areas such as ransomware. question, how can hospitals best protect themselves from the current technology and should industry prioritize preventing current cyber threats. >> in the short term, hospitals are in a sticky place, there's not a whole lot of mitigating solutions, the best medicine is
to really know the inventory of medical devices. i saw some discussion yesterday and just a report about a bill of materials and software. hospitals don't know what software is running on the side of the facility because the manufacturers don't know themselves. if we knew what was on the medical devices, we could better understand what risk we're taking. i yield back. >> thanks, the chair recognizes the gentlelady from indiana. >> i'm going to follow up, doctor, if you would explain a bit more about what your concern is that the devices that are being used actually in the hospitals -- what kind of mechanism should we have so the hospital systems are fully aware of what's in their hospital. >> hospitals want to make sure
they have continuity of clinical work flow. they don't have to shut down for several days. and so the problem is, when you don't know what your assets are, how are you going to protect that. if you don't know what ports are open, the manufacturers, they're not, i would say, willfully causing harm as far as i know, they're not providing enough information so that the hospital staff can do their jobs to assure the continuity of the clinical facilities. so providing a bill of materials once it comes on a device when it enters the hospital, it won't completely solve the problem, it's going to help, you can't do step two until you do step one. you have to know your assets and inventory before you can effectively control mitigation controls. >> while that has life saving or life ending implications, what other sectors are you most concerned about, and this is for
the panel that, you know, the sector integration, so to speak, of devices within maybe the system is not known. >> i'll just say public utilities, water, gas, electric, it surprises me how people laugh about, we don't have security, ha ha ha. we're not going to be laughing when the lights go out. >> so i think looking at sectors is almost self-defeating. we're worried about interactions. when you ask somebody a month and a half ago whether a vulnerability in a web camera can -- a lot of ways we barely know how the internet works. whether this attack and the answer was we're not really sure. it's the emergent properties of connecting everything that causes vulnerability. focus on sector, you're missing
the big picture. they're all computers whether they have wheels or propellers or in your body. they affect each other on the same internet. i urge you to think holistically and there are sectors that are more vulnerable, that's obvious. the cause could come from nowhere. >> mr. drew, question whether or not what your thoughts on as to whether or not hacking back or some form of active defense should be permissible. thoughts on that? >> i know that this has been a fairly large debate -- we have green viruses if we know a particular exposure exists and we know that we can write software to go out and patch the system to get the malware off the
system, then we would be better protecting both the consumer, as well as the internet as a whole. and i think that that is a fairly dark road to go down. i think that it's an excuse for us not fixing the ecosystem and providing the right incentives and right location and potentially has impact, the author writing that software, as he's touching a broad set out on the ecosystem. so i would say, i fear more of the consequences of that. >> and going back to the question about whether or not we have the appropriate safeguards in place. we have 209,000 job openings right now, according to the doctor, what are the programs, degree programs or other types of certification programs that should be offered that we're not
offering enough in our higher end institutions or training programs. >> i think we need all of the above, it's called embedded cyber security. this is related to iot, bridging the hardware and the software. building cars or designing cars need to know how you build security in that thing. there aren't enough -- into that thinking. and final comment, is the pipeline, i think in the engineering and some of the sciences we have difficulty, i think, tracking new resources, different demographics. i think we need to be much more -- much more outreach, the
high schools and some of the kids were coming up to encourage them to go into these fields and, especially, in minorities. >> thank you all for your work. i yield back. >> thanks to the gentlelady. >> thank you all for being here. taking the time and elaborating on these issues. -- >> the device manufacturers and the majority of the locations where the devices were located were foreign. you know, most of what we're talking about here today from a regulation perspective wouldn't have direct significant impact on at least the adversaries that were involved in the october 21st attacks. >> are there any other countries, international groups, et cetera, focused on the security issues right now.
>> i mean, yes, there are a number of countries that are focused on very progressive cyber security controls, in great britain, as an example, there's a significant amount of purchasing services you have to be certified at a certain security level. >> are you seeing any kind of, any kind of consensus on how to move forward and what recommendations would you give to congress or work together on those issues to help the conversation. >> i -- you know, i'm going to go back to my -- one of my original points which is i do believe that we are missing, you know, defining the standards in this space, that we can get some adoption around, that we can get some pressure focused on and we can change the buying and investment
pattern. i think that by setting those standards and by setting them by both domestic and international groups, whether it's nift or iso, setting the standards so you can force buying behaviors consumers and businesses, i think it will be a major step forward. >> i think innovation is progressing faster than discipline. and, you know, what tends to happen is we go on a bio rhythm of lack of discipline, causing significant unintended and unforseen consequences. our ability to adapt and respond
to those is the thing that's going to keep that infrastructure protected, as well as continue to evolve it. so i think that, you know, the average cso has to manage 75 separate security vendors, and that is to build on security controls for products and services that they're purchasing. when we get one of those wrong, there are some significant consequences as a result. and so focusing on making sure that free market controls are placed in that infrastructure is going to be a significant win for us. >> you know, we're human. we write them down. we choose poorly. pretty much any password system
is bound to encourage otherwise insecure behavior. there are some technologies out there. there's one company in ann arbor, where you have, for instance, a mobile phone in addition to a password. but, at the heart of it we need to figure out otherwise, and i'm going to defer to some of the other witnesses for suggestions on that. i feel we really need to retire passwords. we need to kill those off. these are going to bring down our most sensitive systems. >> passwords have outlived their usefulness. and there are other technologies that you can secure with a code that comes to your phone; i can secure this with my fingerprint.
there are many other systems that give us more robust authentication. and i think that would go a long way in a lot of our systems to help secure that. we'll talk about two different ways, two different vulnerabilities. if i can get rid of one of them or reduce it. >> i thank the chair for the opportunity to ask another question. this one is a little philosophical. mr. schneier, you mentioned that the attacks are easier than defense on this complex system and making more complexity opens up new vulnerabilities. biological systems work the other way; they build complexity
in order to defend themselves. is there some kind of parallel we can learn from on this? >> in the past decade or so, there's been a lot of research moving the biological metaphor into security. there are some lessons and things that don't work. biological systems tend to sacrifice the individual to save the species, not something we want to think about. but there are ways of thinking about a security system. but the complexity of a biological system is complexity that's constrained. you know, we all have differences, and that gives us resistance, our species, against disease. you might be able to do that with an operating system, but it's going to be billions -- just suddenly much more expensive, like, you know, orders
of magnitude. a lot of the lessons don't apply. some do. and the researchers are trying to learn from them. and that is kind of the new cool way of thinking, and i think there's a lot of value there. but still, complexity, intended consequences -- unintended consequences, attack surface, makes it so that in the near -- in the least or foreseeable future attack will have the advantage. my guess is there'll be some fundamental advances in security which will give us, maybe not in our lifetime, but no time soon. >> you had mentioned along this line, and i think you had mentioned in response to an earlier question, about the autonomous vehicles, and yes, yesterday in
our trade subcommittee, we did have a hearing on autonomous vehicles. where should the focus be as that develops as a separate entity? >> i think it's a really interesting test bed for what we're thinking about. i don't know how much detail you went into, but what we learn is the vulnerabilities are surprising. there's one attack that used the dvd player as a way to inject malware into the car that controlled the engine. now, that shouldn't be possible, but surprise. and similarly i'm worried about that usb port on the airplane seat potentially controlling avionics. the airline company will say that's impossible, but those in security don't believe it. so, again, the more holistic we can be, the better. there are going -- always going
to be surprises. to get back to the immune system model, how do we build resilience into the system, how do we ensure that it fails safely and securely. how do we ensure, or at least make it more likely, that a vulnerability here doesn't migrate to another vulnerability there, causing something more catastrophic. so the more we can look at the big picture, the less we focus on this or that, because it's the connections. and so you think of it as expo -- exponential -- that's why this is -- that's why complexity is such a problem. >> well, i posed the question earlier and it's for the three of you who wish to answer it.
>> some multifactorial level of three dimensional. what are the things that you wondered about? >> i would say the best advancement in the security space for us, as an example, is behavior analytics. it's being able to monitor the network and monitor the enterprise and monitor the infrastructure and look for the behavior we've never seen before to determine whether that's unauthorized traffic or not. no matter what, it's based on the bad guy being in the network, and so our ability to be more proactive, our ability to get ahead of that attack and predict those attacks before they occur and change the technology before they can be exploited, that's where we need to be migrating. >> i worry about catastrophic
risk. >> it was one person who had the expertise to figure out how to do it, and now anybody can do it. it's unlike my home, where the burglars who drive by my home have to decide whether it's worth the bother; there's burglar quality. on the internet, it is the most sophisticated attacker i care about, anywhere in the world, because of the way computers encapsulate expertise into software. i worry about the inability to change. i worry about being stuck saying, well, we've never done it that way before. i worry about saying things, that's unprecedented. well, the things are unprecedented. they're going to have to be changes. i do worry we don't have the strength and resolve to do it. it will take some guts, i think.
this is foresight. in the safety world we saw this with hand washing in the 1840s. it was not a thought that crossed your mind. it took 165 years to get to the point -- it's going to take some time for security, but the time is right to do something now. >> he also messed up his experiments to write them up well. >> it's been a very informative hearing. seeing no further members wishing to ask questions, i do want to thank our witnesses for being here today. before we conclude, i would like to include the following documents to be submitted for the record by unanimous consent: a letter from the online trust alliance, a letter from the manufacturers association, a letter from the college of health care information and management
executives, a letter from the advanced medical technology association, and a letter from cta. pursuant to committee rules, members have ten business days to submit additional questions for the record. i ask witnesses to submit their responses within ten business days upon receipt of the questions. i didn't say it. but. without objection, the hearing is adjourned.
>> nuclear physicists testified in a senate hearing about the future of nuclear power. they discussed aging nuclear infrastructure, nuclear waste and the adoption of new reactors. this is an hour and a half. at our previous hearing in september we discussed what actions should be taken to maintain today's nuclear power plants and to ensure our country continues to invest. today we'll discuss the recent task force report on the future of nuclear power from the secretary of energy's advisory board.
we'll also discuss basic energy research and development to support nuclear power, work that's being done to safely extend reactor licenses from 60 to 80 years where appropriate, and development of new nuclear technologies, including advanced reactors and small modular reactors. i'll recognize each senator for up to five minutes for an opening statement and we'll go from there. he's chair of the advisory board and institute professor at mit. he's a former director, deputy director of defense, director at the department of energy. the second panel includes dr. alan icenhour, and oak ridge national
house burn down and might buy some fire insurance. so my recommendation is that we should get some insurance in this country against climate change. i think the best insurance in the near term is nuclear power. it makes no sense to close reactors at a time when we believe climate change is a problem. we need to invest in the next generation, we need to continue to work with the regulatory commission and move forward with small modular reactors. we take advanced nuclear to support the design, development, demonstration, licensing and construction of a first of a kind commercial scale reactor.
dr. icenhour, who is here today, leads the consortium for advanced simulation of light water reactors. i'm looking forward to hearing his discussion of that. secretary moniz said in our hearing that by the end of the year the department would begin the process of moving forward with interim storage facilities for nuclear waste, solving -- that's something the senator congratulated him for and encouraged. i'm pleased to report that after the hearing the department took the initial step of seeking information on private interim nuclear waste storage sites. we need to move on all tracks to solve it and i appreciate the secretary's attention. senator moniz -- secretary moniz took that important step. congress should take the next steps and pass the nuclear waste administration act, introduced
last year by the senator and cat and i. congress should pass the pilot program that will allow the secretary to take title to used nuclear fuel. both the pilot program and funding for private interim storage are included in this year's water appropriations bill, which the senator recommended and the committee approved. we need to maintain our existing nuclear fleet. we need to extend reactor licenses from 60 to 80 years where it's appropriate and safe to do so. we need to relieve the burdens of unnecessary regulation to use the -- we've lost another 484 megawatts of carbon free electricity. in conclusion, i would say this: imagine when the united states is without nuclear power. that's
the day i don't want to see in our country's future. it seems distant and unlikely, but it's a real threat. by 2038, just 20 years from now, 50 reactors will have reached 60 years of operation, representing 42% of nuclear generating capacity in the united states. so our country could lose about half our reactors if existing licenses can't be extended from 60 to 80 years and those reactors close. there are four new reactors being built, all in the southeast. there are eight reactors at seven plants which are scheduled to shut down by 2025. the energy information administration estimates that shutting down these eight reactors, plus the recent closing of fort calhoun, will result in a 3% increase with
that, i would like to recognize the committee's distinguished ranking member for her opening statement. >> thank you very much, mr. chairman. i think you know there is really no one i respect more in the senate from either party than you, and one of my great pleasures has been to work with you, and on most things we have agreed. on this we do not. i think examining the potential risks and opportunities of advanced reactors is important. they're in competition with other clean energy sources, and the 4,400 megawatts of california's nuclear power, which is in the process of being
shut down, will be replaced with clean energy, and california is going to aim to make 50% of its power all clean power before too long. now. coolants and moderators instead of water. in 1956 the father of our nuclear navy said of advanced reactors, and i quote, they are expensive to build, complex to operate, susceptible to prolonged shutdown as a result of even minor malfunctions, and difficult and time consuming to repair, end quote.
and strangely enough his words have been prophetic. in 1965, the fermi sodium-cooled fast reactor went online in southeast michigan. 10 months later it suffered a partial meltdown when a coolant inlet became blocked and the core overheated. it operated briefly again from 1970 to late 1972, when it was shut down due to cost issues. the plant took 9 years to build and operated for only three years. then in the 1970s, the united states spent over a billion dollars on the clinch river -- the clinch river reactor project in eastern tennessee.
something that we go through with uranium and plutonium processing now. president carter said, and i quote, the clinch river breeder reactor is a technological dinosaur. these are the same reactor designs we're still discussing today. then it operated again for three months in 2010, before another accident during a refueling.
after spending $12 billion building, briefly operating and repairing the facility, the japanese government decided last month to abandon the project once and for all. recent history in the united states is not much better. the energy policy act of 2005 authorized doe to work with industry to develop a next generation nuclear plant. the plant was intended to produce process heat and hydrogen for use in industrial applications. the program included cost-shared research and development activities with industry that would eventually lead to a demonstration facility. by 2012, this committee had invested $550 million in the next generation nuclear plant and was ready to move into phase two by inviting industry participation.
but not a single company could be found to put up the meager $40 million cost share that was needed. this congress has not yet grappled with the need to find, despite the best efforts of this committee. the bottom line fact is that the existing fleet of reactors has generated 77,000 metric tons of highly radioactive spent fuel. that staggering amount is
growing by an average of 22 tons per year. even if some advanced reactor designs some day run more efficiently or consume more spent fuel, a future built on nuclear power is impossible if we don't have a solution for dealing with existing waste. mr. chairman, the nation faces real challenges in addressing climate change, grid reliability, increased energy efficiency, a proper mix of generation sources. in each of these areas, this committee funds complex and necessary programs for research. i don't see how we can afford to divert several billion more dollars from these programs in order to explore speculative technologies that the industry itself has shied away from. i think nuclear power must overcome
its own significant shortcomings, one, astronomical up front costs and, two, waste that is toxic for thousands of years, if nuclear is to be a significant solution to our climate challenges. before this committee decides to devote significant new resources to the development of advanced nuclear reactors, i believe we need to see three things: one, a solution to nuclear waste, long-term and viable; two, an indication that these reactor designs can overcome their history. i know that's a tall order. i very much look forward to the witnesses today. i've known john for a long time.
i have great respect for him and i look forward to listening to his testimony and the others. >> thank you, senator. i appreciate you bringing up climate change, it's happening. i've been on the farm now since 1978 and things are happening that never ever happened before. some of them are good, a lot of them aren't so good.
the waste is the problem. we've got to figure out how you can repurpose it and get it done. we may be changing co2. i don't think we want to do that. i think we want to make sure that if we're going to have something, our kids and grandkids generations from now can deal with it. it's got to work. i appreciate the hearing. i think it's a good discussion and i think -- i don't think anybody on this committee, and i certainly have the utmost respect for you, mr. chairman, wants us to do something that our kids are going to have to pay for. thank you very very much. >> thank you senator. >> mr. chairman, ready to proceed to the witness. >> thank you.
usually you're the only witness on the first panel and you've worked long and hard on a task force report, plus you've got a lot of experience. if you need more time than that, why don't you take it. >> i'm here to report to you on this task force that i chaired. the secretary asked us to describe an initiative that had the potential of giving the country the ability to have between 5
and 10 gigawatts of electricity built annually in the time period 2030 to 2050. many other questions about nuclear power were not part of our task. what would the country have to do to restore the level that, for example, is here? i joined the department of energy in 1976. that was the task force. they supplied committee staff. i'm going to focus on the use of the community. what were the messages, and then say a few words about five or
six. if you do not undertake a major initiative now, it is inevitable that in 2030 the country will not have it. any such initiative is going to require time, considerable federal resources, redesign of electricity markets, and sustained management. third, there's no shortcut to doing this quickly and getting safe and reliable nuclear power. those are the takeaway messages. first, as you know, the nuclear fleet is aging and there have been a number of early retirements. the early retirements are due in
many respects to the rules governing electricity rates and dispatch that differ in different parts of the country, which makes it challenging to have value-based nuclear power. examples include the structure of rates and wholesale capacity markets, preferential dispatch for renewable generation, exclusion of nuclear from portfolio standards, and rates that are inadequate to ensure. the task force report makes several suggestions for redesign of market rate structure, but for existing plants this has to be done on a state by state basis. different states are approaching it in different ways. new york came to some -- which seems to be suitable for that state. i believe that illinois is under detailed discussions at the present time, but fundamentally for existing reactors that
disparity in market structure has to be addressed at a state level. it's not going to be changed easily. the outlook for the construction of nuclear plants in the united states and other oecd countries is bleak, primarily because of the high overnight cost of nuclear power, roughly $5,000, which makes the levelized cost for the foreseeable future higher than the closest competitor, which is, at least for the time being, with low natural gas prices, the levelized cost of electricity for natural gas. the cost disparity would be greatly diminished with credit for its carbon-free nature. we recognized it two ways: assessment of a charge based on the social cost of fossil fuel generated electricity, or
alternatively a production payment to new nuclear plants, recognizing their carbon-free character. that is on the order of 2.7 cents per kilowatt hour. you'll note, wind and solar have that same carbon-free character, and indeed do have an ongoing credit through the production tax credit, through the investment tax credit; the contribution of the tax credits in this country roughly comes in at 2.7 cents. that would be a rule that i would apply to all carbon-free electricity generation. the task force actually recommends a two-part program; it is not only about advanced nuclear reactors. first, are there light water
reactor technologies which will lead to new plant construction, lower cost, which have other advantages, such as small modular. so the first aspect: pursue those which no longer have unproven technology but which have the practical questions of cost, licensing, siting, waste management. they all need to have a 2.7 cent production payment or its equivalent in order to prove themselves competitive with natural gas generation. for advanced reactors, based on new technology, the task force recommends a four-part program to bring an advanced program from the research stage to
seeing the practicality of these new reactors. i should say to you that when i was in the department of energy in the mid-'70s, the department confirmed president ford's decision not to do commercial reprocessing of spent fuel, and the department continually proposed no additional funding for the breeder reactor, but there was a great effort to maintain light water reactor technology as the base nuclear technology for next-generation plants. but there's no question about it, that advanced reactors will have a different fuel cycle, and therefore require different approaches for both licensing and for waste management. that is a part of the challenge of moving to a new generation of
reactors. now, we recommend for the management of this program that we propose, this 25-year, $11.9 billion -- $11.6 billion program, the creation of a quasi-public corporation, with one appropriation from congress for that long period, for a difficult technical task going through several different administrations, to pay attention and responsibly execute this program. i notice that the blue ribbon task force that you mentioned, that you both support, as i understand it, brent scowcroft recommends exactly the same sort, the quasi corporation, to carry out the waste management part of this challenge. there may be a possibility for
having a single, as committee staff has suggested to me. quasi public corporation carry out both the waste management piece and the new reactor development piece. the nrc today only has recent experience with licensing lightwater reactor plants. that means if you want to proceed to an advanced reactor, the nrc must develop the capability to do that licensing carefully. it's going to require more time and more resources for the nrc to do that job. we believe, and in our report we discuss -- we had two ex-chairs of the nuclear regulatory commission on our task force -- a staged approach to licensing advanced reactors that we believe deserves attention. some developers may choose to construct and license new advanced reactors in other countries, for example, china. i remind those developers and
everyone here that the first time one of those plants comes back into the united states, they will have to go through the entire nrc process again. so we will always have the oversight of the nrc in prospect. my final point, mr. chairman, has to do with international linkages. for a long, long time, the counterproliferation policy of the united states, where we've been a world leader, has been based on the influence we have through our knowledge and our activities in nuclear power technology. as you know, the plants which are going to be built around the world are not going to be in europe, they're not going to be in the united states. they're mainly going to be in china, in india, in russia, in several countries in asia for which this will be their first plant: the emirates, turkey, jordan.
we want to make sure that the proliferation and safety of those -- the proliferation resistance of those plants is maintained. we have a national security interest in maintaining our international activities, especially in safety, in the future of nuclear power. i want to make a concluding remark. the task force was completely unanimous on this report -- we had a wide range of different people with experience and backgrounds -- unanimous. especially unanimous on the point that if the united states does not undertake an initiative like this, the nuclear option's not going to be there in 2030. now that leaves open the broader question senator feinstein addressed -- does the country need this? is it a practical thing that we
can do, given the fact that we have a changing administration all the time? and there were very widely ranging different views on that. so, it's not the case that everybody on our task force believes the country must do exactly this, but we all agree that if you don't do something like this, there's no possibility of nuclear power. then there's a set of people that say, well, what is the consequence of not having that base load generation? it will all be done with clean power or renewable sources. differences of view on that, too. it depends very heavily, as this committee knows, on how the grid develops. but let me say it again -- we give you a program to consider, which is in scale in time of dollars -- in the scale of both time and dollars, one way of getting possibly a substantially 30% or so cheaper, not zero cost, nuclear power in the
future. and we raise a warning that if you don't do something like this, the country does not have a nuclear option in the future. thank you very much, mr. chairman. thank you. >> thanks, dr. deutch, and thanks to you and your committee for your leadership. we'll have a round of five-minute questions now, and i'll begin. just to reiterate, today we have, what, 99 reactors, or about that. they produce about 20% of all of our electricity, about 60% of our carbon-free electricity. i know in the region where i come from, the tennessee valley authority expects to have about 40% of its electricity from nuclear power within a few years. and when combined that with its pollution control equipment on coal and new gas plants, it's going to be a very clean, lower cost mix of power.
you're saying, though, that your committee unanimously agrees that if we don't take some action like the one the committee recommended that by 2030, as a country, we won't have the option of having electricity produced by nuclear power? is that what you're saying? >> precisely. let me say to you that when i joined the department of energy, six or seven nuclear plants were being fielded every year. we had four u.s. manufacturers of reactors, babcock & wilcox, combustion engineering, ge, and westinghouse, four competing u.s. firms. that kind of capability is not going to be there in 2030, for sure. no new plants will be built in the united states unless they have a very favorable regulatory
findings about managing the market impact -- the market problems that i mentioned to you. >> so we would lose 20% of what we call our base load capacity, of our electricity, which is base load capacity in this case, and about 60% of our carbon-free. what is likely to replace that, if that were not there? >> natural gas. natural gas. but sir, let me point out to you, you i think said, how many, there are 50 or so plants which are going to reach 80 years of age? >> by 2038. >> and i personally do not think it likely that the companies that manage those plants or the nrc are likely to relicense these plants from 60 to 80 years. they're the oldest plants we have. they would require quite a lot of additional investment. without any attention to not whether their cost of construction's cheaper, but if they actually don't have their
electricity dispatched for one reason or another, they're not going to be there. >> now, to reiterate again, you gave us a recommendation and said unless you do something like the 25-year, $11.6 billion program to create advanced reactors, we won't have the option. if we did something like that, we were more likely to have the nuclear option. >> let me pull it back one step further. furthermore, in the first five years, we are proposing, part one is r&d phase. meanwhile, you have these advanced lightwater reactors coming on. they may fit the bill. but they're going to need some help, and there's no certainty that that will be there. but there may be somebody who comes forward with a lightwater reactor proposal that's as good as the advanced reactor stuff. we're not married to any particular technology. we want to see the best technology development.
>> and you said that one of the difficulties -- you mentioned five different difficulties in the report, but one of the difficulties is that nuclear power doesn't get credit for being carbon-free at a time when many people think carbon-free electricity is important. and if i heard you right, you said that in order to get credit that would be equal to the credit given to wind power, for example, it would be 2.7 cents per kilowatt hour. >> roughly. >> roughly. >> the investment tax credit, which wind and solar -- and of course, as you know, as the penetration of wind and solar increases, there's an intermittency cost which has to be carried by somebody on the grid one way or the other. that's not included in these -- >> so, at the moment, taxpayers give wind, for example, a 2.7-cents advantage over nuclear power, both of them are equally carbon-free. >> yes, and i hope that i
wouldn't be misunderstood to say i think we should take that away from wind and -- >> i don't mean that. i might do that, but i understand you wouldn't. >> my point -- i want to underscore this -- carbon-free electricity generation is important in the united states and the world, and nuclear is an essential piece of that here and elsewhere in the world. >> senator feinstein. >> you know, john, i've known you for a long time. it's interesting to me because i look at this so differently. i look at it from the california perspective. i've been to southern california edison three times, seen the reactors. they have a problem with the steam generator. they buy two from a japanese company. they're faulty. they end up having to shut down the plant. they've got 3,300 rods in spent fuel pools, no place to put
them. they have a big security force. they've got a plant on a shelf above the pacific with 6 million people living around it. then i get a call from tony earley of pg&e that they're going to shut down both of their reactors because they believe they can now find cost-effective, clean energy to replace their 1,100 megawatts. so, i have all this spent fuel sitting in metropolitan areas, in an earthquake-prone state, when the ring of fire is going around the pacific with big quakes. the latest, oh -- yes, 7.8. i don't understand the push for
this and the absence of a push to safely secure the waste. and we have tried, and he has enormous patience with me. and so, we have tried year after year to get a pilot waste. we know there are people that want to build it, a waste facility, where some of this waste -- because even if yucca went ahead, yucca would be filled. and we have 77,000 metric tons of hot waste all over the country. to me, until you've got a methodology to properly harbor this waste for the millennium, it's ridiculous to talk about any of this, because something is going to happen one day, and it's probably on the pacific coast, some kind of fukushima is going to happen. and all the probabilities of a big quake are up.
so, i sit here and i listen to this, and it's like i'm in a fairy tale that what i see in my state, with four of the biggest reactors shut down, waste piling up. it makes no sense to me. and i don't understand why the industry doesn't help us push for waste facilities, and they don't. >> first of all, again, i want to remind you, these are very sensible questions to raise about the -- our task was to describe it. you may say, just the waste alone. but i want to make some remarks about that. this congress commissioned a group of people under the
chairmanship of brent scowcroft and lee hamilton. in 2012, they came out with a report, which was a systemic approach to managing the waste. you know, senator, i'd say, i'm old enough to remember kansas, try to put the wastes away. and i'll tell you, that proposal from congressman hamilton and general scowcroft is an absolutely sound way to in an orderly fashion address all of the concerns that you properly are raising. >> we had hamilton in. we sat there with the chairs of the authorizing committee. we put together a nuclear waste policy for this country, which was voluntary. we went through three chairs of the energy committee working on this, oh, from new mexico,
bingaman, wyden, murkowski. murkowski worked with us all along. we've got a bill in there that's the two appropriators, the two authorizers all support, and it sits in committee, and the nuclear waste industry does nothing to help pass it. why? i mean, i don't understand this. and we see the accidents take place. it's a kind of madness to build stuff and not be able to properly dispose of the waste. >> pass the bill. the other thing i want to say -- i think it was, now, california. i want to turn to california for a minute. may i say a word about california? >> sure. >> which i know little about, except that i have now two grandsons living in palo alto, so i have a much bigger interest in their safety. >> right. >> i don't know how california's going to manage without those
plants, but i don't think it's so clear that it's going to be cost-free. i mean, cost now in a risk sense. so, i would say i don't know the head of pg&e, but i know a lot of people in california who know a lot about energy. i don't think it's going to be so easy to get that energy. maybe, maybe -- >> all i can say is so far, so good. >> so far, so good is good. we have to keep at it, but i think it's not at all clear how it's going to come out. >> well, i guess i plead with the industry to help us get a permanent waste facility, and one won't do it, and there have to be a number of them. you know, the wipp accident, which is now costing in the billions of dollars. it's expensive stuff. we deal with the waste, with the plutonium and uranium processing, and it's the same
kind of thing. it comes in in the hundreds of millions and it grows to the billions of dollars to build these facilities. so, somebody like me that sees what's happening in california says why are we thinking about this if we can't provide the infrastructure to do it right? >> we have to be players because there's going to be much bigger problems with these issues in india and china. and the people are going to be building these plants are going to be russian firms, japanese firms, chinese firms. we have to be players in it. >> thank you, senator feinstein. well, senator feinstein and i are going to figure out how to pass that bill. senator udall. >> thank you so much, mr. chairman. and thank you both for your commitment to this and having this hearing. mr. deutch, thank you. very interesting testimony up till now, and i hope it will continue. 110 nations have ratified the paris climate deal, which will
demonstrate and initiate a need for nuclear power. here at home, more than 360 businesses and investors support the paris climate agreement and a low-carbon energy future for the united states. i am very concerned about president-elect trump's statements about withdrawing from the paris agreement. many nuclear companies and supporters recognize the need for nuclear energy to meet a mission goal, especially in the short term when we need dramatic movement on emissions. won't withdrawing from paris have potentially negative consequences on the future of nuclear power? could you give me a yes or no on that? and then you can expand, of course. >> i don't think so, senator. >> you don't think so. >> i don't think i can give you a yes-or-no answer. >> okay, go ahead. >> no, no, no, i don't think it's a question which, you know -- my credentials here are to report on the secretary of energy's advisory board, not to
make comments -- >> but the expertise that you have directly reflects on this question. >> senator, i'm just not going to be any help to you on this. i mean, i would go in a completely different direction, but this is not the occasion to address the question of paris or now -- they're out there in morocco now, right? that's where they are, secretary moniz and secretary kerry, unless they've come back. they've been preparing for c.o.p. 22. >> right. >> but here i'm not the person to ask about this. >> okay. today, 20% of the u.s. electricity, and as the chairman said, 63.3% of our carbon-free electricity is produced by approximately 100 lightwater
nuclear reactors. however, many of these plants may be prematurely closing before their 2030 planned retirement, which will result in an increased proportion of energy produced by carbon-emitting sources unless other renewables, solar, wind, are able to replace the capacity of these. what structural or statutory changes are needed to ensure that our current nuclear energy fleet remains a part of the u.s.'s carbon-free energy grid, and what structural or statutory changes are needed to enable nuclear innovation and the modernization of nuclear energy reactors? >> sir, the answer is that there has to be market redesign. and that subject is dealt with in great detail, market redesign and some choices, what choices have to be made, in the report. i would not have the -- you would want to hear me talk about all of them, but let me just say that you cannot have the
circumstances now with around the country, not everywhere, in southeast united states is an exception, you cannot have the market you have giving preference to -- in the dispatch of electricity, to non baseload-generating plants so they cannot make money, even if they were cheaper. so, you have to find a solution to that. that has to be done on a state-by-state basis, and it's a very, very tough task. but otherwise, you're going to continue to have more early retirements, like happened in california. >> and i want to ask that first question in a little different way. i mean, there are many efforts, both at the international level, at the state level, and at our national level, to push us towards renewable sources of
energy. pulling back on those do you think would be a good idea? >> no. >> okay. now, nuclear energy has a production tax credit incentive and has had it for many, many years, as you know. however, that credit has now expired and the nuclear industry is preparing to ask congress for new forms of support. on the other hand, while renewable energy credits were recently extended, as you know, they are being phased out, and there's no guarantee they will be extended again. rather than congress debating and continuing new technology-specific tax credits, like the nuclear ptc or renewable ptcs, would the best policy be a technology-neutral price on carbon, which would promote all clean energy technologies, including nuclear, renewables and carbon capture and sequestration?
>> you say -- i didn't quite get the last sentence, sir. >> the last is, and it's a long one, so i'm going to -- >> thank you, sir. >> rather than congress debating and continuing new technology-specific tax credits that i mentioned earlier, like the nuclear ptc or renewable ptcs, would the best policy be a technology-neutral price on carbon, which would promote all clean energy technologies, including nuclear, renewables and carbon capture and sequestration? >> absolutely yes. >> and that's your -- >> and, and i would include in that all the oil and gas drilling things as well, which gives subsidies for certain kinds of fossil -- the answer is yes. a single carbon charge. how the revenue is spent is critical to how it looks
elsewhere, but the answer is, yes, it would be the most efficient way to do it. and that's, some members of my task force think that's exactly what should be done, but that's not part of our report because we're asked to frame an initiative, not to say balance it with all these things that we're now discussing. >> thank you very much. thank you, mr. chairman. >> thank you, senator udall. senator shaheen. >> thank you, mr. chairman, and thank you, dr. deutch, for being here and for your work on the report. i have to say, i share the issues that you raised in your testimony with respect to the importance of nuclear power as we're addressing our need to reduce carbon emissions, not only in the u.s. but throughout the world. i also share your concerns about the importance of american technology when it comes to nuclear safety around the world. i remember talking to one of our engineers from the seabrook nuclear power plant in new hampshire, who relayed to me
what he was doing with russia after chernobyl in an effort to try and address safety there. so, i think those are very important and very relevant as we think about our policy. and i'm disappointed, as you've heard from several of the people here, that i served on the energy committee under chairman bingaman, when we produced an energy bill that would have addressed nuclear power in the future. that never made it to the floor. we have another bill that's currently being negotiated. it's not at all clear if that's going to make it out of congress. that also addresses the future of nuclear power in this country. so, i think we have not been responsive in the way that we should in order to address the future challenges. in new england, 30% of our total electricity comes from nuclear power, so the retirement of nuclear generators is of
particular concern. and you recommend significant reforms in the energy and electricity markets to help value the baseload power that's produced by nuclear reactors. i wonder if you could discuss in a little more detail than you did in response to senator udall what those kinds of reforms should look like, because as we look at new england's wholesale electric operator, iso new england, i think it's a challenge that we have both now and are looking at in the future. so, what kinds of things are you talking about? >> thank you, senator. let me say that i'm not going to do as good a job as i could if i were here with some of my task force members who really specialize more in this than i do. but let me just take the case of illinois, where they closed i think two reactors. because there was no way for them to dispatch the
electricity. at night, wind will even bid negative prices so that they get dispatched in order to earn the 3 cents or whatever it is per kilowatt hour production payment, production tax credit that they get. so, the fact is, you have to fix that. you cannot have a situation where some sources of technology get dispatched with a favorable rate because of a government subsidy. others don't have the government subsidy, they can't -- if they can't dispatch it -- so, that's a specific example. many of the states do not acknowledge the kinds of rates that need to be set, given whatever dispatch rules they have, so that a company can get back its investment over time. that's a negotiation between the regulatory commission and the company, but there is a balance there. it's not being met in many
places. every state is different. so, some parts of the country, like the southeast, are much more accommodative. but without market reform of some kind, this ain't gonna happen. and again, here's the situation everybody in the committee is unanimous on, in our task force is unanimous on. >> well, should ferc have a role in this? what role should there be in trying to look at this issue? >> i'm going to get myself into trouble, but i think, yes, i think ferc should have a much larger role in this. and i guess there's a supreme court decision that gives them more ability to go into paris. but you know, we have a long, jealously guarded history of having local and regional utilities set their own rates on their own basis. but fundamentally, this does, in my mind, require more of a role for ferc, but it's another battle that i'm sure you guys would have to face. >> i'm almost out of time, but i
also wanted to raise an issue that we're seeing in new hampshire with the seabrook nuclear power plant, because they will come up for relicensing i think in the early 2020s. and they've encountered some issues concerning concrete degradation. the asr, alkalized silica reaction. and they have led to concerns about the safety of the plant and the relicensing process. so, is this something that the committee looking at the future of nuclear power has looked at? are there -- how should we address safety issues like that? and -- >> i believe, senator, that you're making exactly the same point that i tried to make earlier. when these plants turn to be 80 -- >> well, this one's not going to be 80. it's a relatively young -- >> but as they get to be older,
questions are going to be raised that new plants would have to conform to, and now you have the question about are you willing to make an assessment of the risk and say to them, no, we're not going to relicense you, or you have to repair this? and that's going to be done on a case-by-case basis by the nrc. i don't know the circumstances at seabrook, although at one time i knew it pretty well. but i don't know it any more. but those questions in concrete is a big deal. >> thank you. thank you, mr. chairman. >> thank you. dr. deutch, you've been terrific witness, and it's good to have your experience and your straightforwardness here. i think i'm speaking for all of us. we thank you and your committee for your time and work and secretary moniz for impanelling you. if you have additional comments that you'd like for us to consider, why, we'd welcome your sending those to us after you leave. i think it's time now to go to
the second panel. so, we'll excuse you and ask dr. mckinzie and dr. icenhour, who i introduced earlier, to come forward. dr. icenhour is the associate director of nuclear science at oak ridge national laboratory. and dr. mckinzie, senior scientist at natural resources defense council. dr. icenhour, we'll start with you, if we may, and i'll ask each of you to summarize your testimony in about five minutes, if you will, which will give us time to consider, to ask questions. and senator feinstein has an important appointment at 4:00, so we'll conclude either by then or not long after that. dr. icenhour. >> thank you, chairman alexander and ranking member feinstein.
i am very pleased to participate in this panel today. at oak ridge national laboratory, i'm privileged to lead a very talented group of scientists and engineers as we address scientific and technological challenges in both fusion energy, radioisotopes, nuclear modeling and simulation and nuclear security. our nuclear fission r&d efforts include advanced reactor technologies, lightwater reactor sustainability, accident-tolerant fuels, used nuclear fuels, modeling and simulation, such as the consortium for advanced simulation of lightwater reactors, materials and extreme environments, manufacturing and maintenance technologies, and safety analysis and licensing approaches. this expertise enables broader contributions to nuclear security, safeguards and
non-proliferation-related r&d. we are all familiar with the so-called nuclear cliff, which is the point in time when the current fleet of plants rapidly retires. so, how will we replace that capacity? how can we rapidly innovate and enable affordable and reliable advanced reactor technologies? the united states has historically led nuclear energy innovation, and i believe that we must continue to do so. development of the next generation of reactors will provide clean, secure and affordable energy and will ensure that the u.s. industry is positioned to compete internationally. rapid deployment of advanced nuclear systems requires a science-based design and licensing approach. with contemporary science-based tools and techniques, development can be accelerated in laboratory and high-performance computing environments, and this can also
accelerate licensing. materials used in nuclear systems directly affect economics, performance and safety. the opportunity is at hand for a new generation of reactors that will also employ a new generation of materials. we also have the opportunity to see into reactors as never before. modern instrumentation and sensing techniques can optimize operations and further enhance safety. predictive modeling and simulation tools provide a new basis for regulatory action and licensing. innovations can be introduced more quickly and designs can evolve on the drawing board. recognizing the challenges ahead, we must move forward deliberately to avoid the nuclear cliff. future u.s. policy for nuclear energy will be critical. decisions are needed with
specific goals. rapid innovation will be essential and requires collaboration among the national laboratories, industry and universities. we must also leverage existing assets, for example, oak ridge national laboratory has unique facilities, such as our research reactor and hot cells for the safe handling, experimentation and analysis of nuclear materials. ornl is working with idaho and argonne national laboratories to implement the department of energy's gateway for accelerated innovation in nuclear, or g.a.i.n. initiative, which is providing easier access to the technical capabilities of the national laboratories. the timelines and economics are a hurdle for new reactor technologies, but they can be overcome through approaches such as increased use of modeling and simulation, advanced manufacturing techniques and
development of new materials. there is a growing national interest in the deployment of advanced reactors and the associated fuel cycle, as evidenced by the number of summits, symposia, workshops, hearings and other events focused on this. such events reflect a collective sense of urgency. national laboratories are a vital part of meeting the challenges to the future of nuclear power. a sustained r&d program is needed with clear, long-term goals. such a program will retire technical and regulatory risk, improve economic competitiveness, develop the next generation of scientists and engineers, establish advanced facility capabilities, and address the entire fuel cycle. we are prepared to help solve these compelling challenges, and we are partnering to enable
rapid innovation. together we can succeed in bringing the best of our nation's scientific understanding and engineering capabilities to bear on deploying the next generation of carbon-free nuclear energy technologies. thank you for the opportunity to share my thoughts with the subcommittee. i request that my written testimony be made a part of the public record, and i would be happy to answer your questions. >> thanks, dr. icenhour. dr. mckinzie, welcome. >> is your microphone on? >> okay. i'll restart. chairman alexander, ranking member feinstein and members of the subcommittee, thank you for providing the natural resources defense council, nrdc, with this opportunity to present our views on the future of nuclear power. nrdc is a national non-profit organization of scientists, lawyers and environmental
advocates with over 2 million members and supporters. nrdc has been engaged with nuclear energy and nuclear weapons since our founding in 1970, and nrdc maintains a nuclear program, which i direct. the future of nuclear power in the united states is uncertain and faces significant challenges. as we've heard, most reactors will reach the end of their licenses and close in the decades ahead, and some are at risk of near-term shutdown. in addition to economic challenges, difficulties for nuclear power arise from safety, security, proliferation and nuclear waste. and the role of nuclear power as a low-carbon energy resource is being superseded by advances in energy efficiency and renewable energy technologies. only four reactors are currently under construction in the united states, four large ap1000 reactors, in georgia and south carolina. one type of small modular
reactor, the nuscale smr, may soon submit a license application to the nrc. so, with many nuclear closures and few nuclear builds, the future of nuclear energy is one now of decline. today's hearing considers what are called advanced nuclear reactors and how they could impact the future of nuclear power and government's support for their research and development. to summarize my written testimony in a few words would be, be very cautious on advanced nuclear. first, see what results we get with our current government investment in new nuclear projects -- the ap1000s, the nuscale smr. and importantly, prioritize unfinished business for nuclear -- the waste issue, among others. for decades, nuclear scientists and engineers have sought to develop advanced nuclear designs that reduce the amount of waste
generated, that lower nuclear weapons proliferation risk, and that improve safety. but such benefits from advanced nuclear are still theoretical. and importantly, there is no evidence that advanced nuclear would be economically competitive in the future. in our testimony, nrdc respectfully offers five recommendations for the subcommittee in consideration of the government's role in advanced nuclear energy research and development. so, i'll go through these five recommendations. recommendation one -- and i think this was echoed a lot in today's hearing -- give priority to solving the nuclear waste problem. many thousands of tons of spent nuclear fuel must be isolated from people and from the environment for millennia. so, our recommendations site and construct a deep repository using a consent-based and science-based process before spending money on advanced nuclear.
recommendation two -- wait on the construction of the ap1000s and the nuscale smr, assess the lessons learned from these projects for their safety, reliability and cost before looking at an advanced nuclear demonstration plan. recommendation three -- consistently apply a nuclear weapons proliferation test to advanced nuclear designs. among the energy technology choices for the united states, nuclear power is unique in the overlaps between civilian energy technology and nuclear weapons. the risk of nuclear weapons proliferation from nuclear power can be managed, can attempt to be managed, but never eliminated. preventing proliferation is of utmost importance for the future of nuclear energy. recommendation four -- consider the full impacts of the nuclear fuel cycle associated with advanced reactors, including severe accidents. many aspects of the lightwater reactor fuel cycle are still not
worked out, including, it hasn't come up yet at this hearing, but the issue of decommissioning. recommendation five -- get clear on the economic competitiveness for advanced nuclear early on. nrdc feels like history should teach us a caution. this was echoed in your opening statement, senator, that funding advanced nuclear research and development for uneconomical designs can mean taxpayers are then responsible for far greater sums in the future. to conclude, if an energy policy goal for subcommittee members is to preserve the nuclear power option in the future, then we hope you maintain a healthy dose of skepticism regarding the benefits promised by advanced nuclear technology concepts that seek taxpayer support. thank you. >> thank you, dr. mckinzie. senator feinstein. >> thanks, mr. chairman. mr. mckinzie, you know, it's interesting, because we have no nuclear waste policy in this
country. and as such, we pile up fines -- i think it's $20 million a year -- which are in the hundreds of millions of dollars and yet still fail to act. you've looked at this. why does that happen? i mean, why wouldn't the industry want a nuclear waste policy? why wouldn't they want a nuclear policy, a process by which this -- we've debated it, we've discussed it, and come to the conclusion, you know, that it has to be practical, it has to be voluntary, states have to want it. we have one in new mexico, wipp. the people of wipp and around it want it. they take great pride in it. a stupid accident or even the most sophisticated agency, los
alamos, who contracts out the kitty litter, and they use the wrong kitty litter, and it explodes. so, it's very hard for some of us to conceive of a future that's properly carried out. and now that these smrs are being proposed, i am told that the only way they're economically cost-efficient is if they're grouped together. so, if you're going to put 300 or 400 megawatt reactors, four in one place, you still have to deal with the waste. how do you do that? so, i guess i've really developed a very jaundiced view about the practicality in this country and the ability -- i mean, i was alerted by what
senator shaheen said about the concrete. without going into it, john deutch said, well, that's a serious problem. now i'll go and look and find out exactly what it is. so, if either of you have some comments to make, because i think our first responsibility is safety to the public, is to see that these things are secure, that the waste is secure, that they are as functional and efficient and well built as they possibly can be, sited appropriately, run scrupulously. and that's difficult to have happen. and so, it doesn't surprise me that people coming up or companies coming up for relicensing may opt not to go ahead. >> i would -- if i could be very candid on why i think industry hasn't supported a nuclear waste
solution in a vigorous way, i think it would be because the current waste situation, it's consistent with the industry's business model -- storage of spent nuclear fuel, mostly in wet pools, some in dry cask at reactor site. that's fine with the business model. nrdc objects to the nrc finding that long-term storage of spent nuclear fuel in wet pools, in densely packed wet pools, doesn't represent an incredible danger, an incredible risk. but yet, that is tolerated by the regulator. so, there just is inertia in the industry. >> somebody correct me if i'm wrong, but i believe you store them for five to seven years, and then they should be removed from the spent fuel pool and they should be put in dry casks,
hopefully, transportation-enabled dry casks to be removed to a permanent waste facility, which we don't have. i can only speak for california, which i know these things are stacking up. and you know, there's a very real danger in spent fuel pools. if the water disappears, if the pool is fragmented by an earthquake and you have all these hot rods, 3,300 piled up, it's a big problem. so, no one seems to care. that's what really bothers me. no one seems to care. >> it's a very difficult problem. the nrdc advocates for a consent-based and science-based approach on deep geologic repositories. that includes authority at the state level for regulating radioactive materials. that's not there. that is a component of wipp and
why we believe wipp was able to go forward in the first place. but we believe that state authority in regulating radioactive materials with respect to a repository is a key element to include. >> thank you. thank you, mr. chairman. >> thanks, senator feinstein. thanks to both of you. i'll have a few -- just a couple of comments. i would not want people to leave this hearing without a different view being expressed about the safety of nuclear power. there's never been a death in connection with the commercial operation of nuclear reactors in the united states since they began. there's never been a death attributable to reactors in the navy since the 1950s when they began. the only most celebrated accident we had in the united states was three mile island in 1979. and despite years of testing of everybody in the area, no one was hurt. so based on the safety record,
no other form of energy has a better safety record, and the nuclear regulatory commission, which has extensive, careful regulation, has determined that the used fuel is safely stored for many years in the places where it is, which is on site. and you know, i agree that we need to move it, and i would like to get it out of california, too, but we have a place to put it, and the place is yucca mountain in nevada, and the law says that's where it should go, and the courts say that's what the law says, and the scientists have said that it's safe there for a million years. so, we really -- and yucca mountain's large enough to accept all of the used nuclear fuel that we have stored on site in the united states today. so, we have a stalemate in the congress.
the reason we haven't passed the legislation senator feinstein and i would like to pass is because we take the position that we should move ahead on all tracks at once, and if we get stuck on one, we should still, namely yucca, we should continue to move on the others. some of those who strongly support yucca mountain say, well, if you don't move on yucca, you're not going to move on anything. well, we've got to solve that. that's our responsibility, really. the help of others would support our position, that's true, but that's our responsibility to work out and we're going to continue to try to do that. dr. icenhour, i just have maybe one or two questions. you heard the testimony about the proposal for two advanced reactors to be licensed and ready for construction in the 2030s from dr. deutch's report. do you think the goal is achievable? and if so, what do you think it will take to accomplish it? >> yes, senator, i do believe that is achievable.
and one of the things i reflect on -- i like history also, as senator feinstein said. and when i drive in oak ridge national laboratory, i drive past the graphite reactor. and that's a lesson in history of what this country can do, a reactor that was built in nine months, went critical in november 1943. and that just reminds me of what we can do when we decide to do something. and so, the question is how do we get there? we have to first of all decide to do it and move forward, much like mr. deutch was saying. we have to decide we're going to do this. we have to set clear goals. we have to have focused effort, focused r&d that will help move us along the way. and it will take a public-private partnership to do this. and then the final element i
would add is, along the way we have to continue to work with nrc to have the appropriate regulatory framework in place. >> dr. icenhour, you talked about the big computers at oak ridge and the work you're doing on modeling and simulation. as we talk about relicensing, taking, say, seabrook maybe from 40 years to 60 years or taking some of the existing reactors from 60 years to 80 years, which the nuclear regulatory commission is considering, how can the supercomputers you work with help with determining whether it's safe and appropriate to do that or not? >> well, one example of that, senator, is, of course, the consortium for advanced simulation of lightwater reactors or c.a.s.l., which has developed a very high-fidelity model of a nuclear reactor, and so we're able to understand that
very clearly what's happening with the reactor and as changes occur. and so, it's the use of advanced modeling simulation coupled with experimental data that can help enable the understanding and help inform the basis for moving forward for life extensions. >> dr. mckinzie, you work for a well-recognized group, the natural resources defense council. i would assume you and the council are concerned about climate change? >> yes, we are. >> dr. deutch said his committee was unanimous that if we didn't take some action, that by 2030, we wouldn't have nuclear power option going forward in the united states, so we would lose 20% of our electricity and 60% of our carbon-free electricity. do you think that helps us deal with climate change? >> i would dis -- i question the
2030 as a cliff where all of that power suddenly turns off. it will be more like a ramp down in power as different units reach different ages and -- >> well, but his testimony, unanimous from a widely divergent committee, was that if we hadn't acted by 2030, the option would be gone, which i guess means that by then, we wouldn't have a way to continue it as over the next 20 years the rest of the reactors closed. >> addressing climate change is a critical problem that requires a transformation in how our country, how the world generates and consumes energy. in the united states right now we have a mix -- >> well, wait a minute, my question is, do you think that it helps dealing with climate change to lose the nuclear option by 2030, as his task force unanimously said would happen? >> i'm a skeptic that nuclear will be able to deliver the
energy, the low-carbon energy that we need to address climate change. >> well, but today it produces 60% of our carbon-free electricity. >> but it has an uncertain future. >> well, but how much of our carbon-free electricity does wind power produce today? >> wind power produces less carbon-free energy than nuclear, but renewable energy, energy efficiency, it has really made incredible advances recently and showing itself as a lower cost option than nuclear for addressing climate change and -- >> so you'd be comfortable losing the nuclear option in terms of our country's ability to deal with climate change. >> i am uncomfortable with unresolved problems for nuclear energy, unsolved problems. i believe that pragmatically, nuclear will continue at a lower level into the future. i don't imagine it vanishing.
we have the four ap1000 reactors under construction. so i think that a scenario in which everything is gone by 2030 is perhaps too negative for nuclear energy, but i'm a skeptic that nuclear can continue to contribute at its current level. >> what would replace it? >> well, the department of energy's own national laboratories have seen a scenario where renewable energy can be the dominant source of clean energy in the future. >> meaning windmills? >> solar, wind -- >> solar is today less than 1% of our electricity, right? >> that's correct. >> and wind is about 3% or 4% of our electricity -- >> but the recent growth has been extraordinary. and that trend we believe will continue. >> and the wind is available when the wind blows and the solar is available when the sun shines? >> there is an issue of base load versus non-baseload generation to contend with.
i would say that the transmission grid is evolving in time and changing in time and adapting to variable generation as well as there will probably be advances in storage. i think that nuclear will probably play a role in the future. i'm not sure how large, and i do know there are longstanding problems to solve first. >> so, you do agree that finding a way to store used nuclear fuel -- i believe it was your testimony -- is an urgent -- >> absolutely. >> so you support opening yucca mountain? >> no, nrdc does not support opening -- >> why not? the law says it should. the court says the law says that, and the scientists say it's safe for a million years there. >> well, the process of restarting the yucca mountain project would begin with the license application.
and the resolving of over 200 contentions, new and significant information that may actually necessitate starting from scratch in terms of the license -- >> so you think we can open another repository more rapidly than we could complete yucca mountain? >> we believe that yucca mountain will likely fail. and so, we do need to go back to basics and -- >> but do you think we can open -- so, you -- and it would fail because groups like yours don't support doing it, even though the science says it's safe there for a million years and the law says we should do it. >> we don't believe it would be able to get through the licensing process. nrdc is not party to the licensing process. >> yucca mountain would be large enough to hold all the stored nuclear fuel in the country that we have today, correct? >> modifications to yucca mountain are envisioned that would enable it to store more fuel and require it to include things like titanium drip
shields to prevent operational waste -- >> wait a minute, the nuclear regulatory commission has testified here that yucca mountain's large enough to hold all of the nuclear fuel that's currently stored at the approximately 100 reactors in the country. do you disagree with that? >> no, i don't disagree with that. if you're talking about the 77,000 tons that are stored currently. but the united states will generate, again, as much between now and midcentury. >> right. so, my view is that we should open yucca mountain, the fuel we have there, move it out of california, other places where it is, and open new repositories, maybe a private repository, and solve our stalemate. well, in any event, we've had a terrific wide range of views here today, both from the senators and from expert witnesses, dr. mckinzie, dr. icenhour. thank you both so much for being a part of our discussion.
i've got the wrong page. the hearing record will remain open for five days. all statements submitted by our witnesses and senators will be included in the record. the subcommittee requests all responses for the record be provided within 30 days of receipt. if either of you have something you'd like for us to consider that you didn't have a chance to say today or when you go home you wish you'd said, if you'll send it to us, we'll distribute it to the other senators. we thank you very much for taking your time to be here. subcommittee stands adjourned.
we've got to address all five issues that we talked about that were recommended by the task force and tried to create an environment in which we can succeed. obviously, one is to break, to solve the stalemate. the second is to treat carbon-free-producing energy sources equally, either with no subsidy or the same subsidy, and then excessive regulation may be important. >> but can you do that under an administration that doesn't really see climate change as a threat? >> well, climate change isn't the only reason for nuclear power. the main reason is that it produces reliable power 95% of the time at a low cost that will help attract jobs. as soon as japan and germany started closing nuclear power
plants, manufacturers started looking at the tennessee valley to build their plants. i mean, electricity prices in germany have gone through the roof because they've closed their nuclear power plants. and for big manufacturing country, if you want to create jobs, you don't need power just when the sun shines and the wind blows. you need it all the time. >> do you support a recommendation for this carbon tax or a technology-neutral tax? >> i'm not ready to do that yet. i do want to see nuclear power treated equally with every other form of carbon-free electricity, particularly since it produces reliable base load power and it produces 60% of all the power we have. i am puzzled -- i'm glad to see that some of those who care the most about climate change, like senator whitehouse, have come around to the position that it makes absolutely no sense to close nuclear reactors if you
care about climate change, since climate change is caused by carbon and nuclear power plants produce 60% of our carbon-free electricity. i think most people -- one of the reports of the task force was that nuclear doesn't get enough credit for being a carbon-free source of electricity. maybe these hearings will help do that. >> yeah, all right. thank you, senator. >> thank you. a signature feature of c-span2's book tv is our coverage of book fairs and festivals. this coming weekend, book tv will be live from the 33rd annual miami book fair.
saturday's coverage begins at 10:00 a.m. eastern. here's some of what you'll see. "the new york times" book review editor pamela paul on "by the book: writers on literature and the literary life" from the book review. wesley lowery with his book "they can't kill us all." and former democratic presidential candidate senator bernie sanders takes your phone calls and talks about his book, "our revolution: a future to believe in." sunday gets under way at 10:30 a.m. eastern and features fox news host and former white house press secretary dana perino with her latest book, "let me tell you about jasper: how my best friend became america's dog." pulitzer prize-winning journalist susan faludi on "in the darkroom." colson whitehead with "the underground railroad." and co-founder of the miami book fair and owner of miami's books and books book store mitchell kaplan. live coverage of the miami book fair saturday at 10:00 a.m.
eastern and sunday at 10:30 a.m. eastern. go to booktv.org for the complete weekend schedule. this weekend, c-span's cities tour, along with our comcast cable partners, will explore the literary life and history of pittsburgh, pennsylvania. on book tv on c-span2, hear about industrialist andrew carnegie and how his innovative spirit transformed pittsburgh into the steel capital of the world, from author ken kobus. >> carnegie talked about the burning sun of chemical knowledge. and so, he started to understand things from a scientific point of view, an engineering point of view, whereas other people were still going on the seat of the pants operations. >> and we'll go behind the scenes at the carnegie library of pittsburgh. >> i think by looking at some of the materials we've selected here that carnegie really had a
love for learning. and through this wonderful institution felt that this would be a way for the public to escape into another world. >> then, author joe trotter explains the lives and contributions of pittsburgh african-americans since world war ii, including the significance of the second great migration, civil rights, and black power movements. >> and that in a real way, the long haul of that story is that black people in pittsburgh, in this ohio river valley, became part of a new industrial environment that really took off in the period after the civil war. >> on american history tv on c-span3, we'll tour the andy warhol museum to see the personal artifacts that once belonged to the famous 20th-century pop artist. museum archivist aaron burn talks about andy warhol's early life in pittsburgh and shows the
artist's collection of wigs and corsets. >> so, these are a really great insight into just how self-conscious andy warhol actually was. i think a lot of people have a vision of him being really cool and aloof. and he was definitely cool and aloof, but it came with a lot of work. >> watch c-span's cities tour of pittsburgh, pennsylvania, saturday at 8:00 p.m. eastern on c-span2's book tv.